50 matches found
CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
PT-2026-23479
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
CVE-2025-68866
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS. This issue affects Dinatur: from n/a through <= 1.18...
CVE-2025-68866
CVE-2025-68866 affects the WordPress plugin Dinatur (versions up to and including 1.18). The issue is a stored XSS caused by improper neutralization of input during web page generation, exposing site visitors to injected scripts. The vulnerability is rated with a CVSSv3.1 base score of 7.1 (High...
EUVD-2004-0967
Malware in sbrugna...
EUVD-2025-13745
Malicious code in bioql PyPI...
EUVD-2022-1420
Malicious code in bioql PyPI...
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
...
Linux Distros Unpatched Vulnerability : CVE-2018-1338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or fuzzed file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. CVE-2018-1338 Note that Nessu...
Linux Distros Unpatched Vulnerability : CVE-2018-11762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an...
CVE-2023-46775
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin = 1.18 versions...
CVE-2025-47647
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through <= 1.18...
CVE-2025-47647
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through <= 1.18...
CVE-2025-47647 WordPress Sidebar Manager Light plugin <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through <= 1.18...
WordPress plugin Sidebar Manager Light cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Sidebar Manager Light plugin <= 1.18 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Sidebar Manager Light versions <= 1.18...
PT-2025-5457 · Unknown · Wpgear Import Excel To Gravity Forms
Name of the Vulnerable Software and Affected Versions: WPGear Import Excel to Gravity Forms versions 1.18 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables...
CVE-2024-54215
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy. This issue affects Revy: from n/a through = 1.18...
WordPress plugin Revy security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-54214
Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through = 1.18...