SUSE CVE-2026-29183

SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoi...

Wondershare MobileTrans 代码问题漏洞

Wondershare MobileTrans is a cell phone data transfer software from China Wanxing Technology Wondershare. A code issue vulnerability exists in Wondershare MobileTrans version 3.5.9, which stems from an unquoted path to the ElevationService service, and could lead to code execution and elevation o...

PT-2026-2379

Name of the Vulnerable Software and Affected Versions Wondershare MobileTrans version 3.5.9 Description The software contains an unquoted service path vulnerability within the ElevationService. This allows local users to potentially execute code with elevated system privileges. Exploitation...

CVE-2025-68979

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

CVE-2025-68979

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

PT-2025-53869

Name of the Vulnerable Software and Affected Versions SimpleCalendar versions through 3.5.9 Description An authorization bypass exists due to user-controlled key vulnerability in Google Calendar Events. This allows exploitation of incorrectly configured access control security levels...

WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin Google Calendar Events versions = 3.5.9...

CVE-2025-11171

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter,...

CVE-2025-11171

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter,...

EUVD-2024-43369

Malicious code in bioql PyPI...

CVE-2023-5448

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the updatepasswordvalidate function. This makes it possible for unauthenticated attackers to res...

CVE-2024-31097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS.This issue affects SEO Title Tag: from n/a through 3.5.9...

CVE-2024-49306

Cross-Site Request Forgery CSRF vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9...

WordPress plugin WP Content Copy Protection & No Right Click 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Content Copy Protection & No Right Click versions = 3.5.9...

GHSA-5M3J-PXH7-455P Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

WordPress SEO Title Tag plugin <= 3.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin SEO Title Tag versions = 3.5.9...

CVE-2024-28216

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

CVE-2023-5448

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the updatepasswordvalidate function. This makes it possible for unauthenticated attackers to res...