Astra Linux - уязвимость в cyrus-sasl2

In Cyrus SASL 2.1.17 through 2.1.27 up to 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...

D3D ZX-G12 安全漏洞

D3D ZX-G12 is a multi-functional smart home security alarm system from D3D India. A security vulnerability exists in D3D ZX-G12 version v2.1.17, which stems from a lack of interference detection in the 433 MHz alarm sensor channel, which could lead to a denial-of-service attack resulting in a...

CVE-2023-49846

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17...

EUVD-2025-163775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.17...

CVE-2025-64275

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.17...

PT-2025-46806

Name of the Vulnerable Software and Affected Versions wpdevelop Booking Manager versions through 2.1.17 Description A flaw exists in wpdevelop Booking Manager that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of input during web page generation...

EUVD-2024-0944

Malicious code in bioql PyPI...

EUVD-2025-28319

Malicious code in bioql PyPI...

CVE-2025-50018 WordPress Tealium plugin <= 2.1.20 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tealium Tealium tealium allows Stored XSS.This issue affects Tealium: from n/a through = 2.1.20...

CVE-2025-49858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.17...

CVE-2025-49858

CVE-2025-49858 concerns the WordPress Arconix Shortcodes plugin. The vulnerability is a Cross-Site Scripting (Stored XSS) due to improper neutralization of input during web page generation, affecting Arconix Shortcodes versions up to and including 2.1.17. The issue is rooted in input handling wit...

CVE-2021-4379

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmcbulkfixedprice function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...

CVE-2024-23508

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17...

PT-2023-31393 · Unknown · Author Avatars List/Block

Name of the Vulnerable Software and Affected Versions: Paul Bearne Author Avatars List/Block versions 2.1.17 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...

CVE-2021-4379

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmcbulkfixedprice function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...

CVE-2021-4376

The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value...

CVE-2021-24664

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...