32 matches found

NVD
added 2026/05/18 9:16 p.m. · 13 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

CVSS 9.8 · EPSS 0.00076
Exploits: 1 · References: 3

ATTACKERKB
added 2026/05/18 8:15 p.m. · 6 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

CVSS 9.8 · AI score 6.2 · EPSS 0.00076
Exploits: 1 · References: 4

OPENSUSE Linux
added 2026/01/28 12:00 a.m. · 2 views

zot-registry-2.1.14-1.1 on GA media (moderate)

zot-registry-2.1.14-1.1 on GA media Announcement ID: openSUSE-SU-2026:10100-1 Rating: moderate Cross-References: CVE-2025-30204 CVSS scores: CVE-2025-30204 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-30204 SUSE : 8.7...

CVSS 8.7 · AI score 5.9 · EPSS 0.00083
Exploits: 0

OSV
added 2026/01/26 12:00 a.m. · 1 view

OPENSUSE-SU-2026:10100-1 zot-registry-2.1.14-1.1 on GA media

These are all security issues fixed in the zot-registry-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 · AI score 6.8 · EPSS 0.00083
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/14 11:19 p.m. · 3 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 · AI score 7.8 · EPSS 0.00689
Exploits: 1 · References: 1

UbuntuCve
added 2026/01/13 11:16 p.m. · 2 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 · AI score 5.9 · EPSS 0.00689
Exploits: 1 · References: 4

Cvelist
added 2026/01/13 10:52 p.m. · 21 views

CVE-2023-54335 eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 · EPSS 0.00689
Exploits: 1 · References: 3

CNNVD
added 2026/01/13 12:00 a.m. · 1 view

eXtplorer Access Control Error Vulnerability

eXtplorer is a PHP-based file manager developed by the individual developer soerennb. An access control error vulnerability exists in eXtplorer version 2.1.14, which stems from an authentication bypass that could allow an attacker to upload malicious PHP files and execute remote commands...

CVSS 9.8 · AI score 5.9 · EPSS 0.00689
Exploits: 1 · References: 4

OSV
added 2025/12/06 5:16 a.m. · 0 views

CVE-2025-12505

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 5

Vulnrichment
added 2025/12/06 4:37 a.m. · 2 views

CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.4 · EPSS 0.00038
Exploits: 0 · References: 5

NVD
added 2025/10/30 5:15 a.m. · 2 views

CVE-2025-12475

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVSS 6.4 · EPSS 0.00032
Exploits: 0 · References: 2

Positive Technologies
added 2025/10/30 12:00 a.m. · 4 views

PT-2025-44493

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2.1.14 Description: Nagios Log Server is affected by a cross-site scripting (XSS) issue through the Snapshots Page. The application does not properly encode untrusted log content before displaying it, which...

CVSS 5.4 · AI score 5.8 · EPSS 0.00478
Exploits: 0 · References: 4

Positive Technologies
added 2025/10/30 12:00 a.m. · 3 views

PT-2025-44370

Name of the Vulnerable Software and Affected Versions: Blocksy Companion plugin for WordPress versions up to and including 2.1.14 Description: The Blocksy Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'blocksy newsletter subscribe' shortcode. This is due t...

CVSS 6.4 · AI score 5.2 · EPSS 0.00032
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-47686

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.7 · EPSS 0.00223
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 5:13 a.m. · 8 views

CVE-2023-41619

Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write...

CVSS 6.1 · AI score 6.1 · EPSS 0.00308
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:17 a.m. · 5 views

CVE-2023-41618

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?activesavedraft...

CVSS 6.1 · AI score 6.1 · EPSS 0.00216
Exploits: 1

Vulnrichment
added 2025/05/15 8:07 p.m. · 5 views

CVE-2024-13727 MemberSpace – Membership Plugin and Paid Subscriptions < 2.1.14 - Reflected XSS

The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

AI score 6.2 · EPSS 0.00501
Exploits: 1 · References: 1

OSV
added 2025/01/02 12:15 p.m. · 0 views

CVE-2024-56242

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.14...

CVSS 5.4 · AI score 7.3 · EPSS 0.00211
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/02 12:00 a.m. · 3 views

PT-2025-3208 · Unknown · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes versions through 2.1.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

CVSS 6.5 · AI score 9.1 · EPSS 0.00211
Exploits: 0 · References: 5

CNNVD
added 2024/10/28 12:00 a.m. · 1 view

WordPress plugin Breeze Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9 · AI score 6.1 · EPSS 0.00134
Exploits: 0 · References: 1