24 matches found
CVE-2026-8503
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
CVE-2026-8503
CVE-2026-8503 affects Apache::Session::Generate::SHA256 in Perl (versions before 1.3.19). The default ID generator creates a SHA-256 hash of sources with low entropy (rand(), epoch, PID) and hashes that result again, making session IDs predictable. This predictable randomness can enable an attack...
EUVD-2025-38106
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion. This issue affects Premmerce: from n/a through <= 1.3.19...
CVE-2025-60241
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion. This issue affects Premmerce: from n/a through <= 1.3.19...
CVE-2025-60241 WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion. This issue affects Premmerce: from n/a through <= 1.3.19...
PT-2025-45282
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion. This issue affects Premmerce: from n/a through <= 1.3.19...
CVE-2025-64288
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery. This issue affects Premmerce: from n/a through <= 1.3.19...
CVE-2025-64288
The CVE-2025-64288 entry refers to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Premmerce plugin, affecting versions through 1.3.19. The issue is documented in multiple sources (NVD/Red Hat/EUVD/CIRCL/etc.) with consistent wording that Premmerce allows CSRF. The core affecte...
CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery. This issue affects Premmerce: from n/a through <= 1.3.19...
PT-2025-44264
Name of the Vulnerable Software and Affected Versions: Premmerce versions through 1.3.19 Description: A Cross-Site Request Forgery (CSRF) issue exists in Premmerce. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. Recommendations: Update...
CVE-2025-53989
CVE-2025-53989 concerns Crocoblock JetBlocks For Elementor (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) in JetBlocks For Elementor versions
WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Ryan Novotny in WordPress Plugin Premmerce versions <= 1.3.19...
PT-2025-14987 · Easync · Easync
Name of the Vulnerable Software and Affected Versions: eaSYNC versions 1.3.19 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.3.19 and earlie...
WordPress plugin Newpost Catch Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Newpost Catch plugin <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Newpost Catch versions <= 1.3.19...
OpenSearch Dashboards Security Plugin Security Vulnerability
OpenSearch Dashboards Security Plugin is an open-source security plugin for OpenSearch Dashboards. A security vulnerability exists in OpenSearch Dashboards Security Plugin versions prior to 1.3.19 and prior to 2.16.0 that stems from improper validation of the nextUrl parameter, which m...
WordPress plugin All Bootstrap Blocks Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Ez Systems eZ Platform Race Condition Vulnerability
Ez Systems eZ Platform is a content management system (CMS) based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in Ez Systems eZ Platform Ibexa Kernel versions prior to 1.3.19. An attacker could exploit the vulnerability to determine the existence of an account v...
Intel® Ethernet Linux Driver Advisory
Summary: Potential security vulnerabilities in some Intel® Ethernet Controllers X722 and 800 series Linux drivers may allow denial of service, escalation of privilege or information disclosure. Intel is releasing software driver updates to mitigate these potential vulnerabilities. Vulnerability...
GHSA-3MCP-9WR4-CJQF Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary: A server-side template injection...