GHSA-FH3H-VG37-CC95 WebOb: Location header normalization during redirect leads to open redirect - again

Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...

WebOb: Location header normalization during redirect leads to open redirect - again

Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...

EUVD-2026-15568

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

EUVD-2025-208999

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

CVE-2026-24372

CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...

CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

WordPress plugin WPSubscription 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27854

Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions through 1.8.10 Description An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...

WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by PPzzAArr in WordPress Plugin Subscriptions for WooCommerce versions = 1.8.10...

CVE-2023-25959

Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10...

EUVD-2024-28168

Malicious code in bioql PyPI...

EUVD-2024-40051

Malicious code in bioql PyPI...

CVE-2024-43124

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10...

CVE-2024-30448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10...

CVE-2025-46331 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

CVE-2025-27794

Summary: CVE-2025-27794 affects Flarum versions prior to 1.8.10, where an attacker-controlled authoritative subdomain can set cookies for the parent domain, potentially enabling session hijacking on sibling subdomains. What is affected: Flarum core (pre-1.8.10) with cookies scoped to a parent dom...

PT-2024-23376 · Supsystic · Supsystic Slider

Name of the Vulnerable Software and Affected Versions: Supsystic Slider by Supsystic versions 1.8.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an...

WordPress Slider by Supsystic Plugin <= 1.8.10 is vulnerable to SQL Injection

Software Slider by Supsystic Type Plugin Vulnerable versions = 1.8.10 Fixed in 1.8.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30237 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6fa97cac7811 Credits Jean Tirstan T Required privilege...