PT-2026-45728
Name of the Vulnerable Software and Affected Versions: Confidant versions prior to 1.5. Description: Improper control of filenames for include or require statements in the PHP program allows for Local File Inclusion. This occurs when the application fails to properly validate the file paths used in...
WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions <= 1.4...
CVE-2026-33895
Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S
PT-2026-21578
Name of the Vulnerable Software and Affected Versions: free5gc UDM versions up to and including 1.4.1. Description: The UDM component of free5gc, used for Unified Data Management in 5G mobile core networks, discloses detailed internal error messages to remote clients when processing invalid...
PT-2025-44288
Name of the Vulnerable Software and Affected Versions: Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. Description: A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker. Recommendations: Update Jenkins Start Windocks...
EUVD-2023-27236
Malicious code in bioql PyPI...
CVE-2021-2319
Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...
CVE-2015-9302
The simple-fields plugin before 1.4.11 for WordPress has XSS...
WordPress plugin Xpro Elementor Addons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-28901 WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users (members-page-only-for-logged-in-users) allows Stored XSS. This issue affects Members page only for logged in users: from n/a through <= 1.4.2...
CVE-2025-23487
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery (simple-gallery-odihost) allows Reflected XSS. This issue affects Easy Gallery: from n/a through <= 1.4...
CVE-2025-23487 WordPress Easy Gallery plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery (simple-gallery-odihost) allows Reflected XSS. This issue affects Easy Gallery: from n/a through <= 1.4...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Red Hat Developer Hub 1.4.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Silex Technology DS-600 Security Vulnerability
The Silex Technology DS-600 is a hardware device from Silex Technology, Inc. designed to easily connect and share USB 3.0 and 2.0 devices over a network. A security vulnerability exists in the Silex Technology DS-600 version v.1.4.1. A remote attacker could exploit the vulnerability to edit devic...
CVE-2021-39332 Business Manager – WordPress ERP, HR, CRM, and Project Management Plugin <= 1.4.5 Authenticated Stored Cross-Site Scripting
The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This...
Oracle Cloud Infrastructure Storage Gateway Security Vulnerability
Oracle Cloud Infrastructure Storage Gateway is an application gateway from Oracle Corporation in the United States. A security vulnerability in the Oracle Cloud Infrastructure Storage Gateway Management Console prior to 1.4 allows a highly privileged attacker with network access via HTTP to compromi...
MiniUPnP MiniSSDPd Resource Management Error Vulnerability
MiniSSDPd is a daemon for managing SSDPs on POSIX systems. A resource management error vulnerability exists in the 'updateDevice' function of the minissdpd.c file in MiniUPnP MiniSSDPd versions 1.4 and 1.5. The vulnerability stems from the mismanagement of system resources e.g., memory, disk spac...
CVE-2017-17873
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...
CVE-2016-9354
An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption...