PT-2026-3075
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
WordPress plugin WPCOM Member authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An authorizatio...
CVE-2025-13993
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13993
CVE-2025-13993 - MailerLite – Signup forms (official) plugin for WordPress is affected up to version 1.7.16. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the parameters form_description and success_message caused by insufficient input sanitization and output escaping. Exploi...
PT-2025-50911
The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form description' and 'success message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2024-30466
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-50472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. CVE-2023-50472 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2023-50471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. CVE-2023-50471 Note that Nessus relies on t...
SUSE-SU-2025:20091-1 Security update for containerd
This update for containerd fixes the following issues: - Update to containerd v1.7.21. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.21 Fixes CVE-2023-47108. bsc1217070 Fixes CVE-2023-45142. bsc1228553 - Update to containerd v1.7.17. Upstream release notes:...
CVE-2024-12678
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
OESA-2024-2303 cjson security update
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - Requires: pkgconfig %description devel The cjson-devel package contains libraries and header files...
Splunk Config Explorer security vulnerability
Splunk Config Explorer is an editor interface by Chris Younger, a personal developer. A security vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. An attacker can exploit the vulnerability to execute arbitrary scripts on a web browser...
PT-2024-5284 · Splunk · Splunk Config Explorer
Name of the Vulnerable Software and Affected Versions: Splunk Config Explorer versions prior to 1.7.16 Description: The issue exists due to inadequate protection of the web page structure in Splunk Config Explorer, allowing for a cross-site scripting (XSS) attack. If exploited, this could lead to t...
WordPress plugin Login with phone number security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-24764 · Unknown · Shared Files
Name of the Vulnerable Software and Affected Versions: Shared Files versions 1.7.16 and earlier Description: The issue is related to a Missing Authorization vulnerability in Shared Files PRO Shared Files. Recommendations: For versions 1.7.16 and earlier, update to a version that includes the fix...
WordPress Plugin Shared Files security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Emili Castells (Patchstack Alliance) in WordPress Plugin Login with phone number (versions <= 1.7.16)...
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
...
WordPress Multi Step Form Plugin <= 1.7.16 is vulnerable to Cross Site Scripting (XSS)
Software: Multi Step Form; Type: Plugin; Vulnerable versions: <= 1.7.16; Fixed in: 1.7.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50832; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5debd5a6baa3; Credits: Benmalek Aymen centaurus; Required...
SUSE CVE-2023-50472
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c...