91 matches found
CVE-2026-27128
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...
PT-2026-6550
Name of the Vulnerable Software and Affected Versions: iomad versions prior to 4.5 LTS; iomad versions prior to 5.0. Description: A flaw exists in iomad that allows for remote execution of SQL injection attacks. The issue resides within an unknown function of the Company Admin Block component...
CVE-2023-40210
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton Tortoise IT SB Child List plugin <= 4.5 versions...
blender-4.5-4.5.4-1.1 on GA media (moderate)
blender-4.5-4.5.4-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15755-1. Rating: moderate. Cross-References: CVE-2022-0544, CVE-2022-0545, CVE-2022-0546. Affected Products: openSUSE Tumbleweed. An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...
EUVD-2016-10664
Malware in sbrugna...
EUVD-2020-4183
Malware in sbrugna...
EUVD-2022-7459
Malicious code in bioql PyPI...
EUVD-2025-23511
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-2040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated...
CVE-2025-1139
CVE-2025-1139 affects IBM Edge Application Manager 4.5. A local user can read or modify resources due to incorrect permission assignment. Root cause: improper/incorrect permission provisioning. Impact: unauthorized access to resources on the device. Mitigation: upgrade to patched IBM Edge Applica...
PT-2025-34061 · Ibm · Edge Application Manager
Name of the Vulnerable Software and Affected Versions: IBM Edge Application Manager version 4.5 Description: IBM Edge Application Manager 4.5 may allow a local user to read or modify resources without proper authorization due to incorrect permission assignment. Recommendations: At the moment, the...
WordPress plugin BitFire Security information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-Site Request Forgery (CSRF) due to insecure debugger access in Werkzeug (CVE-2024-34069)
Summary: Potential vulnerabilities in Werkzeug have been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-34069. DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. The debugger in affected version...
PT-2025-23086 · Avast · Avast Business Antivirus For Linux
Name of the Vulnerable Software and Affected Versions: Avast Business Antivirus for Linux version 4.5 Description: The issue is related to a lack of file validation in the do update vps function, allowing a local user to potentially spoof or tamper with update files through unverified file writes...
PT-2025-22913 · Llisoft · Llisoft Mta Maita Training System
Name of the Vulnerable Software and Affected Versions: llisoft MTA Maita Training System version 4.5 Description: A critical issue has been found in the this.fileService.download function of the file comllisoftcontrollerOpenController.java. The manipulation of the url argument leads to unrestrict...
CVE-2024-54356
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5...
CVE-2023-25033
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions...
CVE-2022-3975
A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...
CVE-2010-3318
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
Moodle 4.3.x < 4.3.8 Reflected XSS In Question Bank Filter
According to its self-reported version, the Moodle install hosted on the remote host is 4.3.x prior to 4.3.8 or 4.4.4 prior to 4.4.5 or 4.5.x prior to 4.5.1. It is, therefore, affected by a Reflected XSS in question bank filter. Note that the scanner has not tested for these issues but has inste...