CVE-2025-54155 File Station 5

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

EUVD-2022-51989

Malicious code in bioql PyPI...

CVE-2025-58614 WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through = 5.5.6...

CVE-2025-29890

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

CVE-2024-32521

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6...

CVE-2023-24419

Cross-Site Request Forgery CSRF vulnerability in Strategy11 Form Builder Team Formidable Forms plugin = 5.5.6 versions...

Malicious code in marvinjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 965b7b4455eec757889260ad7d11671ee747f1d78f5ccca323303d223f246c43 The OpenSSF Package Analysis project identified 'marvinjs' @ 5.5.6 npm as malicious. It is considered malicious because: - The package...

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...

WordPress plugin The Plus Addons for Elementor Page Builder security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-35741 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.6 Description: The issue is related to Reflected Cross-Site Scripting via the forgoturl attribute within the plugin's WP Login & Register widge...

WordPress Element Pack Elementor Addons plugin <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search vulnerability

Sensitive Information Exposure via elementpackajaxsearch vulnerability discovered by Krzysztof Zając in WordPress Plugin Element Pack Elementor Addons versions = 5.5.6...

WordPress Ivory Search Plugin <= 5.5.5 is vulnerable to Broken Access Control

Software Ivory Search Type Plugin Vulnerable versions = 5.5.5 Fixed in 5.5.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5ff3a7d3e493 Credits Thura Moe Myint mgthuramoemyint...

CVE-2022-4665

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6...

UBUNTU-CVE-2022-4665

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6...

WordPress miniOrange's Google Authenticator plugin <= 5.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress miniOrange's Google Authenticator plugin versions = 5.5.5. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5.6...

Authorization bypass in Spring Security

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...

WordPress Multiple Vulnerabilities (Sep 2021) - Windows

WordPress is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...