EUVD-2026-11862

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...

CVE-2026-32367

CVE-2026-32367 concerns the WordPress WordPress Modal Dialog plugin, vulnerable through the component “modal-dialog” up to version 3.5.16. The issue is described as an improper control of code generation, i.e., a Remote Code Inclusion/Execution vulnerability. Public records in the connected sourc...

CVE-2026-32367 WordPress Modal Dialog plugin <= 3.5.16 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...

PT-2026-25214

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...

WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.16...

CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...

CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.16...

CVE-2025-68504

CVE-2025-68504 is a DOM-based XSS in Crocoblock JetSearch for WordPress. Affected: JetSearch up to and including version 3.5.16; requires authenticated access (Contributor+). The issue is a stored cross-site scripting vulnerability during web page generation. Mitigation: update JetSearch to a pat...

GHSA-H8M4-H385-QHQV Moodle Cross-site Scripting

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

Moodle Cross-site Scripting

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

CVE-2021-21869

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...

CVE-2021-21863

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

PT-2021-7779 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality. This issue is related to deficiencies in the deserialization mechanism,...

CVE-2021-21864

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...

PT-2021-2239 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1 Moodle versions prior to 3.9.4 Moodle versions prior to 3.8.7 Moodle versions prior to 3.5.16 Description: The issue is related to insufficient cleaning of user-provided data in the TeX notation filter of the...

Debian: Security Advisory (DSA-2553-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2565-1 (iceweasel)

The remote host is missing an update to iceweasel announced via advisory DSA 2565-1. OpenVAS Vulnerability Test $Id: deb25651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2565-1 iceweasel Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2514-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHPX news_id SQL Injection Vulnerability (Nov 2008)

PHPX is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpx-cookie.txt

======================================================================= = gnix = gnixmail at gmail dot com http://gnix.netsons.org Application: phpx http://www.phpx.org/project.php stable version Versions: 3.5.16 Platforms: All Bug: Cookie poisoning / Login bypass Date: 31 July 2008...