41 matches found
PT-2025-45545
Name of the Vulnerable Software and Affected Versions: Course Booking System versions prior to 6.1.6 Description: The Course Booking System plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check in the csv-export.php file. An unauthenticat...
EUVD-2017-6090
Malware in sbrugna...
EUVD-2024-22115
Malicious code in bioql PyPI...
EUVD-2025-8746
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-2758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to...
Third-Party Dependency in Crowd Data Center
Note: Aligning with our security bug fix policy (https://www.atlassian.com/trust/security/bug-fix-policy), this vulnerability has been fixed in our latest release only. This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...
CVE-2021-3375
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution...
CVE-2025-31557
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm allows DOM-Based XSS. This issue affects OSM: from n/a through <= 6.1.13...
CVE-2025-31557 WordPress OSM plugin <= 6.1.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm allows DOM-Based XSS. This issue affects OSM: from n/a through <= 6.1.13...
Synology DiskStation Manager Cross-site Scripting (CVE-2018-8917)
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
CVE-2024-24716
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.6...
CVE-2024-1472
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API...
PT-2024-18076 · WordPress · Wp Maintenance
Name of the Vulnerable Software and Affected Versions: WP Maintenance plugin for WordPress versions up to, and including, 6.1.6 Description: The issue allows unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API. Recommendations: For W...
WordPress WP Maintenance Plugin <= 6.1.6 is vulnerable to Sensitive Data Exposure
Software: WP Maintenance; Type: Plugin; Vulnerable versions: <= 6.1.6; Fixed in: 6.1.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1472; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1d4373c9ff44; Credits: Francesco Carlucci; Required...
WordPress Advanced Custom Fields Plugin < 6.1.6 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; if(description)...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as root via CLI commands...
SUSE CVE-2020-2907
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
PT-2022-9527 · WordPress · Advanced Page Visit Counter
Name of the Vulnerable Software and Affected Versions: Advanced Page Visit Counter WordPress plugin versions prior to 6.1.6 Description: The issue is related to a SQL injection vulnerability. It occurs because the artID parameter is not properly escaped before being used in a SQL statement within...
UBUNTU-CVE-2021-32286
An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code execution...
CVE-2021-3539 EspoCRM Avatar Persistent XSS
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...