13 matches found
CVE-2024-31274
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.9.11...
CVE-2025-0817
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
WordPress FormCraft plugin <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability
Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin FormCraft 3 versions <= 3.9.11...
Malicious code in testcafe-reporter-ayx-reportportal (npm)
Source: ossf-package-analysis 56e9fb2a7d91d090c5daebf11bf839a8c406149a5eb97098ced6820c0285e4ea The OpenSSF Package Analysis project identified 'testcafe-reporter-ayx-reportportal' @ 3.9.11 (npm) as malicious. It is considered malicious...
WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin EmbedPress versions <= 3.9.11...
vm2 < 3.9.11 Sandbox Escape Vulnerability
vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:vm2project:vm2"; if(description)...
WordPress Plugin Plainware Locatoraid Store Locator Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
GHSA-MRGP-MRHC-5JRQ vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Impact: A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches: This vulnerability was patched in the release of version 3.9.11 of vm2. Workarounds: None. References: GitHub Issue - https://github.com/patriksimek/vm2/issues/467 T...
CVE-2022-36067
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...
CVE-2022-36067
CVE-2022-36067 (vm2) is a Node.js sandbox vulnerability in the vm2 library. In versions prior to 3.9.11, the sandbox protections can be bypassed, allowing a threat actor to gain remote code execution on the host running the sandbox. The issue has been fixed in vm2 3.9.11. The Initial Description ...
WordPress Simple Download Monitor plugin <= 3.9.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.10. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.11)...
Joomla! 1.6.2 < 3.9.11 Incorrect Access Control
According to its self-reported version number, the detected Joomla! application is affected by an incorrect access control vulnerability in versions 1.6.2 to 3.9.10 due to inadequate checks in com_contact. Note that the scanner has not tested for these issues but has instead relied only on the...
Debian Security Advisory DSA 408-1 (screen)
The remote host is missing an update to screen announced via advisory DSA 408-1. OpenVAS Vulnerability Test $Id: deb4081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 408-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...