24 matches found
CVE-2026-41887
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
CVE-2026-24371
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16...
CVE-2026-24371
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16...
CVE-2026-24371
CVE-2026-24371 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin BA Book Everything (ba-book-everything) affecting versions up to 1.8.16. The RedHat/NVD entries describe an access-control weakness allowing exploitation via misconfigured security levels. The ...
CVE-2026-24371 WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16...
CVE-2026-24371
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16...
PT-2026-4261
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16...
WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin BA Book Everything versions <= 1.8.16...
EUVD-2021-30694
Malicious code in bioql PyPI...
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
WordPress plugin WP Mailster security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-35845 · WordPress · Wp Mailster
Name of the Vulnerable Software and Affected Versions: WP Mailster versions 1.8.16.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This enables exploitation of web pages...
CVE-2024-4385
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
WordPress Envo Extra plugin <= 1.8.16 - Authenticated (Contributor+) Cross-Site Scripting vulnerability
Authenticated Contributor+ Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Envo Extra versions <= 1.8.16...
WordPress plugin Envo Extra plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2016-4330
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution...
Design/Logic Flaw
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
SUSE: Security Advisory (SUSE-SU-2015:0457-1)
The remote host is missing an update for the...
Updated hdf5 packages fix security vulnerabilities
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution (CVE-2016-4330). When decoding data out of a dataset...
HDF5 Code Execution Vulnerability
HDF5 is a file format for storing different types of images and data. A code execution vulnerability exists in HDF5 version 1.8.16 that stems from the library using the value of a file to allocate space for an array. An attacker could exploit the vulnerability to execute arbitrary code...