WordPress Everest Forms Pro plugin <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field vulnerability

Unauthenticated Remote Code Execution via Calculation Field vulnerability discovered by hoshino in WordPress Plugin Everest Forms Pro versions = 1.9.12...

WordPress plugin Everest Forms Pro 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

ORICO NAS CD3510 安全漏洞

The ORICO NAS CD3510 is a personal storage device manufactured by ORICO Corporation. Versions of the ORICO NAS CD3510 prior to V1.9.12 contained security vulnerabilities. These vulnerabilities were caused by incorrect symbol link tracking, which could lead to the disclosure or tampering with the...

EUVD-2025-206721

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

PT-2026-5970

Name of the Vulnerable Software and Affected Versions ORICO NAS CD3510 versions V1.9.12 and below Description The ORICO NAS CD3510 is affected by an Incorrect Symlink Follow issue. This allows attackers to potentially leak or modify the internal file system. An attacker can format a USB drive to...

CVE-2025-14224

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...

CVE-2025-14220

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVE-2025-14220

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVE-2025-14220 ORICO CD3510 File Upload path traversal

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVE-2025-14220 ORICO CD3510 File Upload path traversal

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

EUVD-2025-201669

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

ORICO CD3510 路径遍历漏洞

The ORICO CD3510 is a networkable hard disk enclosure from ORICO. A path traversal vulnerability exists in the ORICO CD3510 version 1.9.12, which stems from a path traversal vulnerability in the file upload component...

EUVD-2021-10270

Malware in sbrugna...

EUVD-2024-27834

Malicious code in bioql PyPI...

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software Spacious Type Theme Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bca30fd3c674 Credits Dmitrii Ignatyev Required privilege...

PT-2025-34340 · WordPress · Spacious

Name of the Vulnerable Software and Affected Versions: Spacious theme for WordPress versions prior to 1.9.12 Description: The Spacious theme for WordPress is susceptible to unauthorized data modification due to the absence of a capability check within the welcome notice import handler function...

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.

Summary ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. Vulnerability Details...

WordPress Accordion Slider plugin <= 1.9.12 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Accordion Slider versions = 1.9.12...

Clibo Manager 安全漏洞

Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A security vulnerability exists in Clibo Manager version 1.9.12, which...