19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-48985

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.0054 EPSS
Exploits 0 · References 1
OSV
added 2025/09/22 4:15 p.m. · 1 view

CVE-2025-57433

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...

6.5 CVSS · 5.9 AI score · 0.00071 EPSS
Exploits 1 · References 2
CNNVD
added 2025/09/22 12:0 a.m. · 1 view

2wcom IP-4c security vulnerability

The 2wcom IP-4c is an audio codec device from the German company 2wcom. A security vulnerability exists in the 2wcom IP-4c version 2.15.5, which stems from improper access control and could result in elevated privileges...

6.8 CVSS · 6.8 AI score · 0.0006 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/05/23 10:38 a.m. · 5 views

CVE-2024-52524

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential...

6.9 CVSS · 7.3 AI score · 0.01994 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:23 a.m. · 2 views

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS · 6.1 AI score · 0.00156 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:59 a.m. · 5 views

CVE-2024-1348

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS · 6.1 AI score · 0.00196 EPSS
Exploits 0 · References 1
CVE
added 2025/02/27 12:3 p.m. · 60 views

CVE-2025-1751

CVE-2025-1751 affects Ciges 2.15.5 (ATISoluciones). The vulnerability is a SQL Injection in the /modules/ajaxBloqueaCita.php endpoint via the $idServicio parameter, enabling an attacker to retrieve, create, update, and delete database data. CVSSv3.1 base score 9.8 (N: network vector, low complexi...

9.8 CVSS · 8 AI score · 0.00083 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-8934 · Ciges · Ciges

Name of the Vulnerable Software and Affected Versions: Ciges version 2.15.5 Description: A SQL Injection vulnerability has been found in Ciges, allowing an attacker to retrieve, create, update, and delete database entries via the $idServicio parameter in the /modules/ajaxBloqueaCita.php endpoint...

9.8 CVSS · 7.8 AI score · 0.00083 EPSS
Exploits 0 · References 10
CNNVD
added 2025/02/27 12:0 a.m. · 2 views

Ciges SQL injection vulnerability

Ciges is an application from Ciges Inc. A security vulnerability exists in Ciges version 2.15.5. An attacker exploiting this vulnerability can retrieve, create, update, and delete databases via the $idServicio parameter in the /modules/ajaxBloqueaCita.php endpoint...

9.8 CVSS · 6.8 AI score · 0.00083 EPSS
Exploits 0 · References 2
Cvelist
added 2024/11/14 5:21 p.m. · 22 views

CVE-2024-52524 ReDoS in Giskard Scan text perturbation

Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential...

6.9 CVSS · 0.01994 EPSS
Exploits 0 · References 2
NVD
added 2024/08/26 9:15 a.m. · 7 views

CVE-2024-8161

SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database...

9.8 CVSS · 0.0054 EPSS
Exploits 0 · References 1
OSV
added 2024/05/02 5:15 p.m. · 2 views

CVE-2024-3517

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4 CVSS · 5.9 AI score · 0.00206 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/02 12:0 a.m. · 1 view

WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 2 views

WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4 CVSS · 6 AI score · 0.00196 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 1 view

WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 1 view

WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4 CVSS · 6.2 AI score · 0.00227 EPSS
Exploits 0 · References 4
WPVulnDB
added 2024/04/16 12:0 a.m. · 13 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ XSS via HTML Element

Description The plugin is vulnerable to Stored Cross-Site Scripting via the HTML Element due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute...

6.4 CVSS · 5.6 AI score · 0.00206 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/16 12:0 a.m. · 2 views

PT-2024-17969 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.15.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's aux timeline shortcode due to insufficient input...

6.4 CVSS · 5.9 AI score · 0.00172 EPSS
Exploits 0 · References 5
Patchstack
added 2024/04/16 12:0 a.m. · 11 views

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.15.5 Fixed in 2.15.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3517 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f07a1adb2975...

6.4 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits 0 · References 3 · Affected Software 1