23 matches found
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...
WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions <= 1.13.5...
WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions <= 1.13.5...
CVE-2017-18593
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file...
CVE-2024-4570
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2024-4569
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
WordPress plugin Elementor Addon Elements cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... A cross-site scripting...
PT-2024-30875 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.5. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...
WordPress plugin Easy Image Collage security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Elementor Addon Elements plugin <= 1.13.5 - Contributor+ Stored Cross-Site Scripting vulnerability
Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Elementor Addon Elements versions <= 1.13.5...
WordPress Plugin Elementor Addon Elements Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-40432 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: ezsystems/ezplatform versions 1.7.9 through 1.7.9, 1.13.5 through 1.13.5, 2.5.4 through 2.5.4. Description: The issue is related to caching vulnerabilities when the front-controller script is included in URLs. This is particularly problematic...
PT-2023-30367 · Unknown · Transmute-Core
Name of the Vulnerable Software and Affected Versions: transmute-core versions prior to 1.13.5. Description: The issue concerns unsafe YAML deserialization in the yaml.Loader component of transmute-core, allowing attackers to execute arbitrary Python code. Recommendations: For versions prior to...
CVE-2023-3462 Vault's LDAP Auth Method Allows for User Enumeration
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed i...
PT-2023-26086 · Hashicorp · Vault Enterprise
Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.14.1; Vault Enterprise versions prior to 1.13.5; Vault Enterprise versions prior to 1.12.9. Description: An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash,...
WordPress Plugin Custom Post Type UI cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
@0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5), @archey347/uf_blog (=0.0.0) +383 more potentially affected by CVE-2019-20921 via bootstrap-select (>=1.10.0 <=1.13.5)
bootstrap-select NPM version =1.10.0, =4.13.7-rc4, =1.31.0, =1.13.0, =1.0.9, =2.0.0, =0.1.0, =1.0.0, =2.0.0, =2.2.0, =0.0.4, =2.0.0, =2.0.31 and more Source cves: CVE-2019-20921 Source advisory: OSV:GHSA-7C82-MP33-R854...