15 matches found
CVE-2026-5790
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
CVE-2026-5790
CVE-2026-5790 describes a stored XSS in Stel Order (v3.25.1 and earlier) at the /app/FrontController endpoint, exploitable via the legalName and employeeID parameters. Lack of input sanitization allows injection that is persisted in the database and executed in other users’ browsers, enabling the...
PT-2026-40912
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
PT-2026-40913
Insecure Direct Object Reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
EUVD-2020-7851
Malware in sbrugna...
wishlist-member-vuln-analysis
📄 Overview This repository contains a detailed analysis of a...
PT-2024-17211 · Dynamiapps · The Frontend Admin
Name of the Vulnerable Software and Affected Versions: The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.25.1. Description: The issue allows unauthenticated attackers to perform SQL Injection via the orderby parameter due to insufficient escaping on the...
WordPress plugin Frontend Admin by DynamiApps SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress plugin WishList Member X security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-27460
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...
PT-2024-21911
Name of the Vulnerable Software and Affected Versions: Plantronics Hub versions 3.25.1 and below. Description: A privilege escalation issue exists in the updater for Plantronics Hub, allowing attackers to gain elevated access. It is recommended to patch immediately and monitor for signs of compromis...
GPSd Number Error Vulnerability
gpsd is a daemon for receiving GPS data. A numeric error vulnerability exists in GPSd version 3.25.1dev. An attacker could exploit this vulnerability to cause memory corruption via specially crafted network packets...
PT-2023-27936 · Calico · Calico Typha +1
Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below; Calico Typha version 3.25.1; Calico Enterprise Typha versions 3.17.1 and below; Calico Enterprise Typha version 3.16.3; Calico Enterprise Typha version 3.15.3. Description: The issue arises when a client TLS...
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution...
Facebook HHVM has an unspecified vulnerability
Facebook HHVM (aka HipHop Virtual Machine) is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in Facebook HHVM versions 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. Detailed vulnerability...