29 matches found
WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by daroo in WordPress Plugin Event Tickets with Ticket Scanner versions <= 2.8.5...
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitizepdfsrc function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
EUVD-2006-3302
Malware in sbrugna...
EUVD-2024-40043
Malicious code in bioql PyPI...
WordPress plugin Simple Backup path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2024-43116
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars. This issue affects Simple Local Avatars: from n/a through 2.7.10...
CVE-2023-25575
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...
CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
InfluxData InfluxDB security vulnerability
InfluxData InfluxDB is a Go-based time-series database developed by InfluxData, USA. A security vulnerability exists in InfluxData InfluxDB version 2.7.10 and earlier, which allows an allAccess administrator to retrieve all raw tokens via the influx auth ls...
PT-2024-11971 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.6.14; Rancher versions prior to 2.7.10; Rancher versions prior to 2.8.2. Description: A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. The issue affects...
CVE-2023-49182
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10...
WordPress Spectra Plugin <= 2.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.7.9; Fixed in: 2.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49833; Patch priority: Low; CVSS severity: Low (6.5); PSID: 70385286c341; Credits: Rafie Muhammad, Patchstack; Required privilege...
PT-2023-8866 · Haproxy +8 · Haproxy +8
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.0.32 through 2.8.1; HAProxy versions 2.1.x; HAProxy versions 2.2.x through 2.2.30; HAProxy versions 2.3.x; HAProxy versions 2.4.x through 2.4.23; HAProxy versions 2.5.x; HAProxy versions 2.6.x before 2.6.15; HAProxy versions 2.7.x...
WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 2.7.9.8; Fixed in: 2.7.10; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2736; Patch priority: Low; CVSS severity: Low (7.5); PSID: 8080227ecd75; Credits: Lana Codes; Required...
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
GHSA-FPRR-RRM8-4534 Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
CVE-2021-25083
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting...
Discourse < 2.7.10 Cache Poisoning Vulnerability
Discourse is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse";...