CVE-2026-49069 WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

CVE-2026-49069

The CVE-2026-49069 entry refers to the WordPress WPZOOM Portfolio plugin (versions

WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Kent Apostol in WordPress Plugin WPZOOM Portfolio versions = 1.4.21...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2025-14942 Authentication Bypass

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

wolfSSH 安全漏洞

wolfSSH is a small, fast, and portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.21 and earlier versions, which stems from a key exchange state machine that can be manipulated, potentially leading to the disclosur...

EUVD-2024-1257

Malicious code in bioql PyPI...

CVE-2024-32005

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

PT-2024-25186 · Unknown · Webbax Supernewsletter

Name of the Vulnerable Software and Affected Versions: Webbax supernewsletter versions 1.4.21 and earlier Description: The issue allows a remote attacker to escalate privileges via the Super Newsletter module in the product search.php component. Recommendations: For versions 1.4.21 and earlier,...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, SMS alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop Webbax v.1.4.21 and earlier versions, which originates from a vulnerabili...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVE-2024-32005

CVE-2024-32005 : Local File Inclusion in NiceGUI’s leaflet component allows reading any backend file accessible to the web server via requests to /_nicegui/{version }/resources/{key}/{path:path}. Affected upstream: NiceGUI before 1.4.21. Impact: arbitrary file read on the server. Remediation: upg...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

PT-2024-24354 · Nicegui · Nicegui

Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 1.4.21 Description: A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the / nicegui/ version /resources/key/path:path route. As a result, any file on the backend...

SUSE CVE-2011-2753

Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the empty trash implementation and 2 the Index Order aka optionsorder page, a different issue than...

kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions...