
20 matches found

RedhatCVE
added 2026/02/15 1:19 a.m. · 3 views

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVSS 8.8 · AI score 5.7 · EPSS 0.00021
Exploits: 0 · References: 1
NVD
added 2026/02/13 10:16 p.m. · 4 views

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVSS 8.8 · EPSS 0.00021
Exploits: 0 · References: 2
ATTACKERKB
added 2026/02/13 9:23 p.m. · 1 views

CVE-2025-15157

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...

CVSS 8.8 · AI score 5.7 · EPSS 0.00021
Exploits: 0 · References: 3
CVE
added 2026/02/13 9:23 p.m. · 11 views

CVE-2025-15157

The CVE applies to the WordPress plugin Starfish Review Generation & Marketing (WordPress

CVSS 8.8 · AI score 5.7 · EPSS 0.00021
Exploits: 0 · References: 2
RedhatCVE
added 2026/02/04 1:20 p.m. · 2 views

CVE-2026-24694

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application...

CVSS 8.4 · AI score 6 · EPSS 0.00031
Exploits: 0 · References: 1
NVD
added 2026/02/03 6:15 a.m. · 3 views

CVE-2026-24694

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application...

CVSS 8.4 · EPSS 0.00031
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-30598

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00032
Exploits: 0 · References: 2
NVD
added 2025/09/22 7:16 p.m. · 3 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect (nextend-facebook-connect) allows Stored XSS. This issue affects Nextend Facebook Connect: from n/a through <= 3.1.19...

CVSS 6.5 · EPSS 0.00032
Exploits: 0 · References: 1
Positive Technologies
added 2025/09/22 12:0 a.m. · 1 views

PT-2025-38880

Name of the Vulnerable Software and Affected Versions: Nextendweb Nextend Facebook Connect versions through 3.1.19 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that maliciou...

CVSS 6.5 · AI score 6.1 · EPSS 0.00032
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 12:2 p.m. · 7 views

CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 9.1 · AI score 6.7 · EPSS 0.00369
Exploits: 1 · References: 1
SUSE CVE
added 2025/01/10 12:19 a.m. · 2 views

SUSE CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 9.1 · AI score 7 · EPSS 0.00369
Exploits: 1 · References: 4
NVD
added 2025/01/03 5:15 p.m. · 12 views

CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 9.1 · EPSS 0.00369
Exploits: 1 · References: 2
Cvelist
added 2025/01/03 4:26 p.m. · 19 views

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 8.7 · EPSS 0.00369
Exploits: 1 · References: 2
Vulnrichment
added 2025/01/03 4:26 p.m. · 9 views

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 8.7 · AI score 6.5 · EPSS 0.00369
Exploits: 1 · References: 2
CVE
added 2025/01/03 4:26 p.m. · 108 views

CVE-2025-21609

CVE-2025-21609 affects SiYuan Note 3.1.18. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint, where an attacker can craft a payload to cause arbitrary file deletion on the server. The issue is addressed by commit d9887aeec1b27073bec66299a9a4181dc42969f3, with a fix e...

CVSS 9.1 · AI score 6.5 · EPSS 0.00369
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/02/01 12:0 a.m. · 2 views

PT-2024-14185 · WordPress · Icegram Engage

Name of the Vulnerable Software and Affected Versions: Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building versions through 3.1.19 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site...

CVSS 6.5 · AI score 6.1 · EPSS 0.00077
Exploits: 0 · References: 7
Patchstack
added 2023/12/27 12:0 a.m. · 10 views

WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)

Software: Icegram; Type: Plugin; Vulnerable versions: <= 3.1.19; Fixed in: 3.1.20; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51532; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: eac57c24cf8c; Credits: Huynh Tien Si; Required privilege: Contributor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00077
Exploits: 0 · References: 2 · Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. · 34 views

WebHost Automation Helm Control Panel 3.1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user...

AI score 7.1
Exploits: 0
OpenVAS
added 2014/02/07 12:0 a.m. · 21 views

OTRS Multiple Vulnerabilities (OSA-2014-01, OSA-2014-02)

Open Ticket Request System (OTRS) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs";...

CVSS 7.5 · AI score 6.4 · EPSS 0.01617
Exploits: 1 · References: 6
NVD
added 2004/12/31 5:0 a.m. · 14 views

CVE-2004-1498

SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter...

CVSS 7.5 · AI score 8.4 · EPSS 0.00502
Exploits: 0 · References: 4