CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

Linux Distros Unpatched Vulnerability : CVE-2026-33151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted...

CVE-2026-24355

Summary: CVE-2026-24355 is a Stored XSS in the Houzez Theme - Functionality (Houzez Theme - Functionality plugin) for WordPress. The issue arises from improper neutralization of input during web page generation, allowing stored malicious payloads to be executed in the context of the affected site...

WordPress plugin Houzez Theme – Functionality: Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-64367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through = 4.2.6...

CVE-2025-10147

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'moveasoriginalfile' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

WordPress Podlove Podcast Publisher plugin <= 4.2.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Podlove Podcast Publisher versions = 4.2.6...

VulnCheck KEV: CVE-2017-7876

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions...

CVE-2024-31490

CVE-2024-31490 affects Fortinet FortiSandbox products (FortiSandbox 4.4.0–4.4.4; 4.2.1–4.2.6; 4.0 all versions; 3.2.2–3.2.4; 3.1.5). The issue is an information disclosure via HTTP GET requests, enabling an attacker to access sensitive information. The connected documents confirm the affected ver...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2024:3165-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3165-1 advisory. wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed...

SUSE-SU-2024:3165-1 Security update for wireshark

This update for wireshark fixes the following issues: wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed with this update: CVE-2024-0207: HTTP3 dissector crash bsc1218503 CVE-2024-0210: Zigbee TLV dissector crash bsc1218506 CVE-2024-0211: DOCSIS...

CVE-2024-7651

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2024-7651

CVE-2024-7651 affects the WordPress plugin “App Builder – Create Native Android & iOS Apps On The Flight”. The vulnerability is an unauthenticated limited SQL injection via the app-builder-search parameter in versions up to 4.2.6, caused by insufficient escaping and lack of proper query preparati...

WordPress plugin App Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

(ReDoS) Regular Expression Denial of Service in tf2-item-format

Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...

Wireshark Security Update (wnpa-sec-2024-10) - Linux

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

WordPress Ultimate Auction Plugin <= 4.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ed8502cd34a3 Credits Majed Refaea...

CVE-2024-35374

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution RCE under certain conditions...

WordPress Popup Builder Plugin <= 4.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions = 4.2.6 Fixed in 4.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30184 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be71da5ede09 Credits LVT-tholv2k Required privilege Contribut...

Hardcoded credentials

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...