CVE-2026-27348 WordPress Photography theme < 7.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through 7.7.6...

WordPress plugin GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

WordPress GamiPress plugin <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by kr0d in WordPress Plugin GamiPress versions = 7.6.1...

EUVD-2017-9173

Malware in sbrugna...

EUVD-2017-4124

Malware in sbrugna...

EUVD-2017-4118

Malware in sbrugna...

EUVD-2017-4123

Malware in sbrugna...

EUVD-2022-0803

Malicious code in bioql PyPI...

[SECURITY] Fedora 42 Update: varnish-7.6.1-6.fc42

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=E2=80=99t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat versions 7.6.1 and earlier, which stems from inefficient regular expression complexity due to incorrect manipulation of the parameter line in file...

Unicom Focal Point 安全漏洞

Unicom Focal Point is a portfolio management and decision analysis tool from Unicom, Inc. for use by corporate and government agency product organizations. A security vulnerability exists in Unicom Focal Point version 7.6.1 that stems from stored cross-site scripting in the val parameter and...

PT-2025-23622 · Unicom · Unicom Focal Point

Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1 Description: A Cross Site Scripting issue was found. The val parameter in SettingController for the "/fp/admin/settings/loginpage" endpoint and the rootserviceurl parameter in FriendsController for the...

CVE-2025-32814

An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur...

PT-2025-22492 · Infoblox · Infoblox Netmri

Name of the Vulnerable Software and Affected Versions: Infoblox NETMRI versions prior to 7.6.1 Description: An issue was discovered in Infoblox NETMRI. Authentication bypass can occur due to a hardcoded credential. Recommendations: Update Infoblox NETMRI to version 7.6.1 or later...

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.6.1 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43963 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8ac87b1f76e Credits Le Ngoc Anh...

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

PT-2024-38615 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...

Atlassian Jira 6.0.0 < 7.2.12 Xss In Printable Searchrequest Issue Resource

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 6.0.x prior to 7.2.12 or 7.4.4 prior to 7.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

PT-2022-15367 · Ibm · Ibm Control Desk

Name of the Vulnerable Software and Affected Versions: IBM Control Desk version 7.6.1 Description: The issue allows attackers to obtain cookie values by sending an http link to a user or planting this link in a site the user visits. When the user clicks the link, the cookie will be sent to the...

PT-2022-22945 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...