72 matches found

Nuclei
added 5 hours ago · 24 views

WordPress WPQA <5.4 - Cross-Site Scripting

WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form. id: CVE-2022-1597 info: name: WordPress WPQA 5.4 - Cross-Site Scripting author: veshraj severity: medium description: | WordPress WPQ...

CVSS 6.1 · AI score 6.2 · EPSS 0.2353
Exploits: 2 · References: 5
RedhatCVE
added 2026/01/09 10:32 a.m. · 6 views

CVE-2017-18520

The democracy-poll plugin before 5.4 for WordPress has XSS via updatel10n in admin/class.DemAdminInit.php...

CVSS 6.1 · AI score 6 · EPSS 0.0021
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/08 12:0 a.m. · 2 views

PT-2026-1788

Name of the Vulnerable Software and Affected Versions: vanquish WooCommerce Orders & Customers Exporter versions through 5.4 Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. The affected...

CVSS 9.8 · AI score 7.6 · EPSS 0.00019
Exploits: 0 · References: 3
Tenable Nessus
added 2026/01/05 12:0 a.m. · 2 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-116 (ALASKERNEL-5.4-2025-116)

The version of kernel installed on the remote host is prior to 5.4.254-169.358. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-116 advisory. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss ...

CVSS 7.8 · AI score 6.4 · EPSS 0.05142
Exploits: 0 · References: 14
CNNVD
added 2025/12/24 12:0 a.m. · 1 views

WordPress plugin YouTube Embed security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 · AI score 5.9 · EPSS 0.00029
Exploits: 0 · References: 1
CNNVD
added 2025/12/09 12:0 a.m. · 2 views

MiniDVBLinux security vulnerability

MiniDVBLinux is a multimedia center software from the German company MiniDVBLinux. A security vulnerability exists in MiniDVBLinux version 5.4, which stems from an insecure direct object reference that could lead to a configuration disclosure...

CVSS 8.7 · AI score 6.6 · EPSS 0.00352
Exploits: 1 · References: 5
EUVD
added 2025/12/05 5:17 p.m. · 2 views

EUVD-2025-201433

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

CVSS 5.1 · AI score 4.9 · EPSS 0.00024
Exploits: 0 · References: 4
Cvelist
added 2025/10/22 2:32 p.m. · 10 views

CVE-2025-53424 WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4...

CVSS 6.5 · EPSS 0.00041
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-14257

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00052
Exploits: 1 · References: 2
OSV
added 2025/08/23 3:0 p.m. · 1 views

MAL-2025-41336 Malicious code in typescript-5.4 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ebff3cac791b9745fe1807a98ab1bf33dcd334bba210634fd691d4451d50f179 The OpenSSF Package Analysis project identified 'typescript-5.4' @...

AI score 7.3
Exploits: 0
NVD
added 2025/04/01 6:15 a.m. · 7 views

CVE-2025-30613

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 · EPSS 0.00174
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/01 5:31 a.m. · 7 views

CVE-2025-30613 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS. This issue affects Nmedia MailChimp: from n/a through <= 5.4...

CVSS 6.5 · AI score 7.3 · EPSS 0.00174
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/30 2:24 a.m. · 13 views

CVE-2024-49563

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system...

CVSS 7.8 · AI score 7.4 · EPSS 0.00249
Exploits: 0 · References: 3
ATTACKERKB
added 2025/03/28 3:15 a.m. · 0 views

CVE-2025-24380

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

CVSS 7.8 · AI score 5.9 · EPSS 0.00194
Exploits: 0 · References: 2
ATTACKERKB
added 2025/03/28 3:15 a.m. · 0 views

CVE-2024-49601

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

CVSS 9.8 · AI score 5.8 · EPSS 0.0116
Exploits: 0 · References: 2
Vulnrichment
added 2025/03/28 1:24 a.m. · 5 views

CVE-2025-24383

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is...

CVSS 9.1 · AI score 7.5 · EPSS 0.02462
Exploits: 0 · References: 1
CNNVD
added 2025/03/28 12:0 a.m. · 1 views

Dell Unity OS command injection vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...

CVSS 7.8 · AI score 8 · EPSS 0.00249
Exploits: 0 · References: 1
Positive Technologies
added 2025/03/27 12:0 a.m. · 1 views

PT-2025-13423 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions 5.4 and prior Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. This could allow a low-privileged attacker with local access to...

CVSS 7.8 · AI score 7.4 · EPSS 0.00194
Exploits: 0 · References: 9
Positive Technologies
added 2025/01/02 12:0 a.m. · 3 views

PT-2025-1532 · Unknown · Labib Ahmed Animated Rotating Words

Name of the Vulnerable Software and Affected Versions: Labib Ahmed Animated Rotating Words versions through 5.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

CVSS 5.4 · AI score 9.4 · EPSS 0.00107
Exploits: 0 · References: 3
Packet Storm
added 2024/10/03 12:0 a.m. · 397 views

Acronis Cyber Infrastructure Default Password Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'Acronis Cyber Infrastructure default password remote code execution', 'Description' = %q Acronis Cyber Infrastructure ACI is an ...

CVSS 9.8 · AI score 7.1 · EPSS 0.9348
Exploits: 3