EUVD-2026-20154
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...
CVE-2026-39486
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...
PT-2026-28427
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions prior to 5.1.8 Description: The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....
Inefficient Algorithmic Complexity
Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...
EUVD-2025-3890
Malicious code in bioql PyPI...
CVE-2025-24698 WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through <= 5.1.8...
WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin UserPro versions <= 5.1.8...
PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin
Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8 Description: The issue is related to unauthorized access of data due to a missing capability check on the ays poll create author function. This allows...
WordPress Poll Maker plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability
Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Poll Maker versions <= 5.1.8...
WordPress plugin Responsive Pricing Table Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
SUSE CVE-2016-5608
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613...
Linux kernel resource management error vulnerability (CNVD-2019-32357)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the drivers/usb/misc/rio500.c file in versions of Linux kernel prior to 5.1.8. The vulnerability arises from a...
PT-2019-3106 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.1.8 Description: The issue is related to a NULL pointer dereference in the drivers/usb/misc/sisusbvga/sisusb.c driver, caused by a malicious USB device. This can lead to a denial of service. Recommendations: F...
SeedDMS cross-site scripting vulnerability (CNVD-2018-17472)
SeedDMS (formerly known as LetoDMS and MyDMS) is an open source document management system based on PHP and MySQL, jointly developed by SeedDMS enthusiasts. The system is mainly used to store and share documents. A cross-site scripting vulnerability exists in the 'Categories' feature in SeedDMS...
Momentum Axel 720P Information Disclosure Vulnerability
The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in Momentum Axel 720P version 5.1.8. An attacker can exploit the vulnerability by issuing the 'showKey' command to obtain a plaintext password...
CVE-2018-12260
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...
CVE-2018-12261
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root...
CVE-2016-5613
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608...