14 matches found
CVE-2026-33549
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...
CVE-2026-22205
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive...
CVE-2025-55757 Extension - virtuemart.net - XSS in VirtueMart component 1.0.0 - 4.4.10 for Joomla
An unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered...
OPENSUSE-SU-2025:15636-1 libwireshark18-4.4.10-2.1 on GA media
These are all security issues fixed in the libwireshark18-4.4.10-2.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2023-31234
Malicious code in bioql PyPI...
CVE-2024-51667
Missing Authorization vulnerability in paytiumsupport Paytium paytium. This issue affects Paytium: from n/a through <= 4.4.10...
WordPress plugin AppPresser – Mobile App Framework cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress AppPresser plugin <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin AppPresser versions <= 4.4.10...
WordPress plugin Paytium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-26572 · Unknown · Tileserver-Gl
Name of the Vulnerable Software and Affected Versions: tileserver-gl versions up to 4.4.10. Description: The issue is a cross-site scripting (XSS) vulnerability. It affects the component "/data/v3/?key". Recommendations: For versions up to 4.4.10, update to a version later than 4.4.10 to resolve the...
TileServer GL security vulnerability
TileServer GL is an open source map server for vector blocks from the Maptiler team. A security vulnerability exists in TileServer GL v4.4.10 and earlier, which stems from a cross-site scripting (XSS) vulnerability in component /data/v3/?key...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
MongoDB DoS Vulnerability (SERVER-59294) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
Fastspot BigTree SQL injection vulnerability
BigTree CMS is an open source content management system based on PHP and MySQL. A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier versions. An attacker can exploit this vulnerability to inject malicious SQL queries into the application via the 'Creat...