17 matches found
EUVD-2021-26789
Malware in sbrugna...
EUVD-2025-9862
Malicious code in bioql PyPI...
CVE-2024-10177
The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-32155 WordPress Beds24 Online Booking plugin <= 2.0.28 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows PHP Local File Inclusion. This issue affects Beds24 Online Booking: from n/a through = 2.0.28...
CVE-2025-32155
CVE-2025-32155 pertains to Beds24 Online Booking (WordPress plugin). The vulnerability is an improper control of filename for include/require statements in PHP (PHP Local File Inclusion). It affects Beds24 Online Booking from an unspecified initial version up to 2.0.26 (per CVE description). The ...
CVE-2025-31851
CVE-2025-31851 is an authenticated Stored XSS in Beds24 Online Booking (WordPress plugin), affecting Beds24 Online Booking up to version 2.0.27 (per Wordfence notes) and patched in a later release. The issue stems from improper input neutralization during web page generation, enabling stored XSS....
WordPress plugin Beds24 Online Booking Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
WordPress Beds24 Online Booking Plugin <= 2.0.26 is vulnerable to Cross Site Scripting (XSS)
Software: Beds24 Online Booking; Type: Plugin; Vulnerable versions: <= 2.0.26; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10177; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: ca546aa081c0; Credits: Peter Thaleikis...
WordPress plugin Beds24 Online Booking Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
IBM MQ Operator Denial of Service Vulnerability
IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A denial of service vulnerability exists in IBM MQ Operator versions 2.0.26 and 3.2.4, which stems from improper memory allocation and can be exploited by an attacker to cause a...
IBM MQ Security Vulnerability
IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A security bypass vulnerability exists in IBM MQ Operator versions 2.0.26 and 3.2.4, which can be exploited by an authenticated attacker in a specifically defined role to...
mod_http2 security update
2.0.26-2 - Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316); 2.0.26-1 - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26...
WordPress Blocksy Theme <= 2.0.26 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy; Type: Theme; Vulnerable versions: <= 2.0.26; Fixed in: 2.0.27; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1767; Patch priority: Low; CVSS severity: Low (6.5); Developer: Creative Themes; PSID: 674c245c46ca; Credits: Ngô Thiên An ancorn Required...
CVE-2024-1767
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for...
PT-2021-18716
Name of the Vulnerable Software and Affected Versions: Checkov versions prior to 2.0.26. Description: An unsafe deserialization issue allows arbitrary code execution when processing a malicious terraform file. Recommendations: For versions prior to 2.0.26, update to version 2.0.26 or later to resolve...
CVE-2021-3467
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...
RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities
RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. These issues affect the WebAdmin component. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from a...