
34 matches found

Positive Technologies
added 2026/05/13 12:00 a.m., 3 views

PT-2026-40530

Name of the Vulnerable Software and Affected Versions:
mongocryptd versions prior to 7.0.34
mongocryptd versions prior to 8.0.23
mongocryptd versions prior to 8.2.9
mongocryptd versions prior to 8.3.2
Description: A use-after-free issue exists in the Field-Level Encryption (FLE) query analysis...

CVSS 8.8 | AI score 6 | EPSS 0.0003
Exploits 0 | References 3

NVD
added 2026/04/30 2:16 p.m., 1 view

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | EPSS 0.00029
Exploits 1 | References 2

Cvelist
added 2026/04/13 12:00 a.m., 22 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...

EPSS 0.0001
Exploits 1 | References 4

Cvelist
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-49935 WordPress WoodMart theme < 8.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion. This issue affects WoodMart: from n/a through 8.3.2...

CVSS 7.5 | EPSS 0.00117
Exploits 0 | References 1

Positive Technologies
added 2025/10/22 12:00 a.m., 1 view

PT-2025-43199

Name of the Vulnerable Software and Affected Versions:
xtemos WoodMart versions prior to 8.3.2
Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local file...

CVSS 7.4 | AI score 6.4 | EPSS 0.00117
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-12909

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-10703

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00379
Exploits 0 | References 4

OSV
added 2025/02/03 10:34 p.m., 2 views

GHSA-QWP8-X4FF-5H87 ZX Allows Environment Variable Injection for dotenv API

Impact: This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...

CVSS 5.2 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 6

NVD
added 2025/02/03 9:15 p.m., 3 views

CVE-2025-24959

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS 1 | EPSS 0.00056
Exploits 0 | References 2

CVE
added 2025/02/03 8:48 p.m., 78 views

CVE-2025-24959

CVE-2025-24959 affects zx (versions prior to 8.3.2) due to an Environment Variable Injection flaw in dotenv.stringify, allowing an attacker controlling environment variable values to inject variables into process.env. Impact can include arbitrary command execution or unexpected behavior in securi...

CVSS 1 | AI score 6.8 | EPSS 0.00056
Exploits 0 | References 2

CNNVD
added 2024/02/29 12:00 a.m., 1 view

WordPress Plugin Elementor Addons by Livemesh Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 | AI score 6 | EPSS 0.00249
Exploits 0 | References 4

Patchstack
added 2024/02/08 12:00 a.m., 10 views

WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)

Software: Livemesh Addons for Elementor
Type: Plugin
Vulnerable versions: <= 8.3.2
Fixed in: 8.3.3
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-1235
Patch priority: Low
CVSS severity: Low (6.5)
PSID: ab5cdd31d383
Credits: Webbernaut...

CVSS 6.4 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 3 | Affected Software 1

Metasploit
added 2023/10/19 7:50 p.m., 374 views

Atlassian Confluence Unauthenticated Remote Code Execution

This module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator...

CVSS 10 | AI score 9.2 | EPSS 0.94326
Exploits 39

NCSC
added 2023/07/19 12:00 a.m., 1 view

Vulnerabilities fixed in Atlassian Confluence

Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication. Atlassia...

CVSS 8.8 | AI score 7.8 | EPSS 0.05149
Exploits 0

Tenable Nessus
added 2023/03/14 12:00 a.m., 7 views

Atlassian Jira < 8.3.2 Improper Authorization Via ATST Plugin

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.3.2. It is, therefore, shipped with a vulnerable version of the Atlassian Troubleshooting and Support plugin (ATST), which permitted unprivileged users to initiate log...

CVSS 4.3 | AI score 7 | EPSS 0.00215
Exploits 0 | References 2

OSV
added 2022/11/14 4:15 p.m., 1 view

CVE-2021-40272

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS)...

CVSS 6.1 | AI score 5.8 | EPSS 0.04872
Exploits 1 | References 1

CNNVD
added 2022/11/14 12:00 a.m., 1 view

ITRS Group OP5 Monitor Cross-Site Scripting Vulnerability

ITRS Group OP5 Monitor is a network monitoring and management software product for servers from the UK-based ITRS Group, based on the open source project Naemon. A security vulnerability exists in ITRS Group OP5 Monitor versions 8.3.1, 8.3.2, and OP5 8.3.3, which stems from vulnerability to...

CVSS 6.1 | AI score 5.9 | EPSS 0.04872
Exploits 1 | References 3

RedHat Linux
added 2022/05/10 2:10 p.m., 0 views

grafana: directory traversal vulnerability

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

CVSS 4.3 | AI score 7.2 | EPSS 0.06405
Exploits 0 | References 5

Prion
added 2022/03/01 7:15 p.m., 18 views

SQL injection

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...

CVSS 6.5 | AI score 8.8 | EPSS 0.00512
Exploits 0 | References 1 | Affected Software 1

Prion
added 2022/03/01 7:15 p.m., 13 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to...

CVSS 9 | AI score 8.9 | EPSS 0.01183
Exploits 0 | References 1 | Affected Software 1