EUVD-2025-24706

Malicious code in bioql PyPI...

CVE-2025-54688

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through = 3.7.1.2...

CVE-2025-54688 WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2...

CVE-2025-54688

CVE-2025-54688 is a stored XSS in the WordPress plugin JetEngine (versions ≤ 3.7.1.2) caused by improper neutralization of input during web page generation. The vulnerability is reported as an authenticated Stored XSS, meaning an attacker with appropriate access could inject scripts that are late...

CVE-2025-54688 WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through = 3.7.1.2...

WordPress plugin JetEngine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2025-33240 · WordPress · Crocoblock Jetengine

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions through 3.7.1.2 Description: A Stored Cross-site Scripting XSS issue exists in Crocoblock JetEngine due to improper neutralization of input during web page generation. This allows an attacker to inject malicious...

CVE-2023-4037

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter...

Setelsa Conacwin 3.7.1.2 - Local File Inclusion

Exploit Title: Setelsa Conacwin 3.7.1.2 - Local File Inclusion Date: 02/09/20 Exploit Author: Bryan Rodriguez Martin AKA tr3mb0 Vendor Homepage: http://setelsa-security.es/productos/control-de-acceso/ Version: 3.7.1.2 Tested on: Windows FIX: The recommendation from the vendor is to update to the...

CVE-2020-25068

Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/filetodisclose Directory Traversal URI. NOTE: The manufacturer indicated that the affect...