20 matches found

Patchstack
added 2026/05/06 10:13 a.m., 4 views

WordPress Brizy – Page Builder plugin <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by momopon1415 in WordPress Plugin Brizy versions <= 2.8.11...

7.2 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/05/02 12:0 a.m., 7 views

WordPress plugin Brizy cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/11 11:55 p.m., 4 views

CVE-2025-67509

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2 CVSS, 8 AI score, 0.00046 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/12/10 11:5 p.m., 17 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2 CVSS, 0.00046 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/12/10 11:5 p.m., 2 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2 CVSS, 7.6 AI score, 0.00046 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 20 views

EUVD-2022-0115

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00591 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2025/05/23 9:6 a.m., 4 views

CVE-2024-43973

Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through <= 2.8.11...

8.8 CVSS, 5.9 AI score, 0.00504 EPSS
Exploits: 0, References: 1
SUSE Linux
added 2024/12/20 9:6 a.m., 0 views

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 Other fixes: Update to version 2.8.11 Patch Instructions: To install this SUSE update use the SUSE...

6.5 CVSS, 5.8 AI score, 0.00395 EPSS
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2024/11/27 12:0 a.m., 7 views

JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...

5.3 CVSS, 6.8 AI score, 0.00395 EPSS
Exploits: 0
CNNVD
added 2024/11/01 12:0 a.m., 2 views

WordPress plugin GetPaid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS, 6.6 AI score, 0.00504 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2024/11/01 12:0 a.m., 2 views

PT-2024-30836 · Getpaid · Getpaid

Name of the Vulnerable Software and Affected Versions: GetPaid versions 2.8.11 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 2.8.11 and earlier,...

8.8 CVSS, 6.5 AI score, 0.00504 EPSS
Exploits: 0, References: 4
CNNVD
added 2024/09/14 12:0 a.m., 1 views

WordPress plugin Post Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS, 6.8 AI score, 0.00423 EPSS
Exploits: 0, References: 3
Patchstack
added 2024/08/28 9:8 a.m., 2 views

WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Daffa in WordPress Plugin GetPaid versions <= 2.8.11...

8.8 CVSS, 5.2 AI score, 0.00504 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2024/07/03 6:23 a.m., 3 views

WordPress Mine Video Player plugin <= 2.8.11 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Mine Video Player versions <= 2.8.11...

7 AI score
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2022/03/18 11:11 p.m., 28 views

GHSA-F8XQ-Q7PX-WG8C Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

Impact The gradio library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these...

8.8 CVSS, 8.8 AI score, 0.00591 EPSS
Exploits: 0, References: 6
OSV
added 2022/03/17 8:30 p.m., 18 views

CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8 CVSS, 8.7 AI score, 0.00591 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2016/05/22 8:59 p.m., 17 views

CVE-2016-2190

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...

5.3 CVSS, 6.9 AI score, 0.00437 EPSS
Exploits: 0, References: 2
seebug.org
added 2010/06/09 12:0 a.m., 17 views

phplist version 2.8.11 SQL Injection Vulnerability

No description provided by source. phplist version 2.8.11 SQL Injection Vulnerability http://www.phplist.com/...

7.1 AI score
Exploits: 0
0day.today
added 2010/06/08 12:0 a.m., 15 views

phplist version 2.8.11 SQL Injection Vulnerability

Exploit for php platform in category web applications. phplist version 2.8.11 SQL Injection Vulnerability...

7.1 AI score
Exploits: 0
OpenVAS
added 2009/08/06 12:0 a.m., 19 views

strongSwan Denial Of Service Vulnerability - Aug09

This host has strongSwan and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: gbstrongswandosvulnaug09.nasl 4869 2016-12-29 11:01:45Z teissa $ strongSwan Denial Of Service Vulnerability - Aug09 Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

5 CVSS, 0.1 AI score, 0.01793 EPSS
Exploits: 0, References: 2