CVE-2025-39477

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8...

CVE-2025-39477 WordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8...

PT-2026-1494

Name of the Vulnerable Software and Affected Versions InWave Jobs versions through 3.5.8 Description The Sfwebservice InWave Jobs software contains a missing authorization issue, allowing exploitation of incorrectly configured access control security levels. An unauthenticated attacker can execut...

EUVD-2024-40056

Malicious code in bioql PyPI...

openSUSE Security Advisory (SUSE-SU-2025:03285-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-54056

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through = 3.5.8...

CVE-2025-54056

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through = 3.5.8...

CVE-2025-54056

CVE-2025-54056: Reflected XSS in LambertGroup Responsive HTML5 Audio Player PRO With Playlist due to improper input neutralization during page generation. Affected: WordPress plugin versions up to 3.5.8. Remediation: update to a version later than 3.5.8 (Patchstack/Red Hat/Wordfence references co...

CVE-2025-54056 WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through = 3.5.8...

WordPress plugin Responsive HTML5 Audio Player PRO With Playlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2025-34018 · Lambertgroup · Lambertgroup Responsive Html5 Audio Player Pro With Playlist

Name of the Vulnerable Software and Affected Versions: LambertGroup Responsive HTML5 Audio Player PRO With Playlist versions through 3.5.8 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Reflected Cross-site Scripting XSS...

CVE-2024-56223

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood Gulri Slider gulri-slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through = 3.5.8...

CVE-2024-56223

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood Gulri Slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through 3.5.8...

WordPress plugin Gulri Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin BetterDocs 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress WP-Lister Lite for eBay plugin <= 3.5.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Aman Rawat Patchstack Alliance in WordPress Plugin WP-Lister Lite for eBay versions = 3.5.8...

WordPress WP Register Profile With Shortcode Plugin <= 3.5.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Register Profile With Shortcode Type Plugin Vulnerable versions = 3.5.8 Fixed in 3.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23818 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a5f4f1aaab08 Credits Rio...

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...

WordPress plugin Simple Sitemap 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Simple Sitemap < 3.5.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...