12 matches found
CVE-2026-9290
The affected product is the WordPress plugin “WP User Manager – User Profile Builder & Membership.” CVE-2026-9290 describes a Local File Inclusion (LFI) vulnerability in all versions up to and including 2.9.17, exploitable via the profile template scope function. This allows unauthenticated attac...
CVE-2020-12635
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...
EUVD-2025-202015
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net Web Push Notifications: from n/a through =...
CVE-2025-62869
CVE-2025-62869 affects the WordPress plugin Gravitec.net – Web Push Notifications (versions
CVE-2025-62869 WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gravitec.net – Web Push Notifications: from n/a through...
WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Gravitec.net Web Push Notifications versions <= 2.9.17...
EUVD-2024-2817
Malicious code in bioql PyPI...
CVE-2024-47075 DOM Clobbering gadgets found in layui that lead to Cross-site Scripting
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. Version 2.9.17...
CVE-2024-36106
Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...
PT-2024-5351 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3; Argo CD versions prior to 2.10.12; Argo CD versions prior to 2.9.17. Description: The issue is related to insufficient authentication procedures when handling the "/api/v1/settings" endpoint, allowing unauthoriz...
Joplin cross-site scripting vulnerability
Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin Desktop App prior to version v2.9.17, which stems from the presence of a cross-site scripting vulnerability that allows an attacker to execute arbitrary code via incorrect detection...
PT-2020-13175 · Magento · Webforms Pro M2
Name of the Vulnerable Software and Affected Versions: WebForms Pro M2 extension for Magento 2 versions prior to 2.9.17. Description: A cross-site scripting (XSS) issue exists in the WebForms Pro M2 extension for Magento 2. The issue is related to the textarea field. Recommendations: For versions...