69 matches found
Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated. This can be abused by attackers with...
CVE-2026-0556
CVE-2026-0556 concerns the XO Event Calendar WordPress plugin (versions
CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions <= 3.2.10...
WordPress plugin XO Event Calendar cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20626
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-23218
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...
CVE-2025-23219
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarcor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...
CVE-2025-23220
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2025-46256
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10...
WordPress plugin Advanced Database Cleaner PRO security vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is a WordPress Foundation application plugin. A security vulnerability exists in the...
EUVD-2025-28029
Malicious code in bioql PyPI...
EUVD-2025-21690
Malicious code in bioql PyPI...
EUVD-2022-6634
Malicious code in bioql PyPI...
WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Theme Hestia versions <= 3.2.10...
CVE-2025-46109
SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request...
PbootCMS security vulnerability
PbootCMS is an open source content management system (CMS) for building business websites, developed using the PHP language. A security vulnerability exists in PbootCMS versions v3.2.5 and v3.2.10, which stems from unsanitized input and may lead to SQL injection attacks...
CVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform...
CVE-2025-4567 Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform...