
17 matches found

CVE
added 2026/04/08 3:36 a.m. | 3 views

CVE-2026-3646

The CVE concerns the WordPress plugin LTL Freight Quotes – R+L Carriers Edition (versions up to and including 3.3.13). A standalone PHP webhook handler processes GET parameters without proper authentication, authorization, or nonce verification, allowing unauthenticated attackers to modify subscr...

CVSS 5.3 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 14

CNNVD
added 2026/04/08 12:0 a.m. | 2 views

WordPress plugin LTL Freight Quotes – R+L Carriers Edition Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 14

Vulnrichment
added 2026/03/11 3:52 p.m. | 0 views

CVE-2026-28803 Open Forms possible to view submission details of other people than intended

Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24717

Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 5

CNNVD
added 2026/03/11 12:0 a.m. | 6 views

Open Forms Access Control Error Vulnerability

Open Forms is an open-source intelligent dynamic form tool. It is used to quickly create powerful and intelligent forms that can be exposed via APIs. Versions of Open Forms prior to 3.3.13 and 3.4.5 contained an access control vulnerability. This vulnerability allowed attackers to guess or modify...

CVSS 6.5 | AI score 6 | EPSS 0.00047
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-5125

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 8

RedhatCVE
added 2025/02/05 2:11 p.m. | 5 views

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

CVSS 7.7 | AI score 8 | EPSS 0.00287
Exploits: 0 | References: 1

Patchstack
added 2024/08/16 1:51 p.m. | 2 views

WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Order Tracking versions 3.3.13...

CVSS 8.8 | AI score 7 | EPSS 0.00289
Exploits: 0 | Affected Software: 1

CNVD
added 2020/06/10 12:0 a.m. | 4 views

J2Store plugin SQL Injection Vulnerability

Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. J2Store is one of its e-commerce plugins. A SQL injection vulnerability exists in Joomla! J2Store plugin versions prior to 3.3.13...

CVSS 8.8 | AI score 8.2 | EPSS 0.01148
Exploits: 0 | References: 1

OSV
added 2020/04/24 9:15 p.m. | 7 views

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

CVSS 7.5 | AI score 8
Exploits: 0 | References: 3

NVD
added 2020/04/24 9:15 p.m. | 12 views

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

CVSS 7.7 | AI score 7.9 | EPSS 0.00287
Exploits: 0 | References: 3

Prion
added 2020/04/24 9:15 p.m. | 7 views

SQL injection

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

CVSS 5 | AI score 7.9 | EPSS 0.00287
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/04/24 8:25 p.m. | 14 views

CVE-2020-11004 SQL Injection in Admidio

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, so an attacker can, without logging in, send a GET request with arbitrary SQL queries appended to the cookie parameter and execute...

CVSS 7.7 | AI score 7.9 | EPSS 0.00287
Exploits: 0 | References: 3

CNVD
added 2019/03/22 12:0 a.m. | 2 views

GetSimple CMS Open Redirect Vulnerability

GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. An open redirect vulnerability exists in GetSimple CMS 3.3.13. An attacker can exploit this vulnerability via the admin/index.php redirect parameter to conduct redirection attacks...

CVSS 6.1 | AI score 6.9 | EPSS 0.14005
Exploits: 0 | References: 1

CNVD
added 2018/04/02 12:0 a.m. | 1 views

GetSimple CMS Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the...

CVSS 6.1 | AI score 6.2 | EPSS 0.005
Exploits: 5 | References: 1

CNVD
added 2017/07/28 12:0 a.m. | 1 views

Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS...

AI score 6.3
Exploits: 0 | References: 1

Gentoo Linux
added 2014/11/27 12:0 a.m. | 36 views

Squid: Multiple vulnerabilities

Background: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Description: An assertion failure in processing of SSL-Bump has been found in Squid. A heap-based overflow was discovered when processing SNMP requests. Impact: A remote attacker could send a specially crafted...

CVSS 6.4 | AI score 7.1 | EPSS 0.77333
Exploits: 1