CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

EUVD-2009-2364

Malware in sbrugna...

PT-2025-27254 · Unknown · Espasyncwebserver

Name of the Vulnerable Software and Affected Versions: ESPAsyncWebServer versions up to and including 3.7.8 Description: A CRLF injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitized input allows attackers to inject CR r or LF characte...

CVE-2009-2368

Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors...

CVE-2025-26988

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8...

CVE-2025-26984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows Reflected XSS. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8...

CVE-2025-26988 WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.7.8...

WordPress plugin SMS Alert Order Notifications – WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin SMS Alert Order Notifications...

WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck in WordPress Plugin SMS Alert Order Notifications versions = 3.7.8...

WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin SMS Alert Order Notifications versions = 3.7.8...

WordPress plugin ElementsKit Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

Design/Logic Flaw

OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

CVE-2024-23833 OpenRefine JDBC Attack Vulnerability

OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

WordPress Ultimate Dashboard Plugin <= 3.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Dashboard Type Plugin Vulnerable versions = 3.7.7 Fixed in 3.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4726 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f3f77cbb9f76 Credits Marco Wotschka Requir...

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is Mobile Security Framework open source an automated all-in-one mobile application . Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

PT-2023-28302 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions =3.7.8 Beta Description: The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted...

UBUNTU-CVE-2020-25628

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...

PT-2020-16140 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.7 through 3.7.7 Moodle versions 3.8 through 3.8.4 Moodle versions 3.9 through 3.9.1 Description: A vulnerability was found in Moodle where it was possible to include JavaScript in a book's chapter title, which was not escape...

PT-2020-16138 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 through 3.5.13 Moodle versions 3.7 through 3.7.7 Moodle versions 3.8 through 3.8.4 Moodle versions 3.9 through 3.9.1 Description: A vulnerability was found in Moodle where users with Log in as capability in a course contex...