WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions = 1.6...

PT-2026-33079

Name of the Vulnerable Software and Affected Versions Smart Online Order for Clover versions n/a through 1.6.0 Description A Cross-Site Request Forgery CSRF flaw allows an attacker to induce a user to perform actions they did not intend to do. Recommendations At the moment, there is no informatio...

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVE-2026-4588 kalcaddle kodbox Site-level API key shareOut.class.php shareSafeGroup hard-coded key

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

CVE-2026-22367

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through = 1.6.1...

CVE-2022-28444

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability...

WordPress plugin AHAthat Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-12164

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

WordPress Zita Elementor Site Library plugin <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Zita Elementor Site Library versions = 1.6.3...

PT-2023-26950 · Unknown · Phpscriptpoint Lawyer

Name of the Vulnerable Software and Affected Versions: phpscriptpoint Lawyer version 1.6 Description: A vulnerability was found in the file page.php, which leads to cross site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond ...

CVE-2023-23296

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault...

Checkmk 输入验证错误漏洞

Checkmk is an editor. Checkmk has a security vulnerability that stems from its incorrect input validation of LDAP user ids allowing an attacker who has control over the LDAP user id to manipulate files on the server. The following versions are affected: 2.1.0p19 and earlier, 2.0.0p32 and earlier,...

UCMS 代码问题漏洞

UCMS is a content management system written in PHP. A security vulnerability exists in UCMS version 1.6, which originates from an arbitrary file upload vulnerability in the /ucms-v1.6/ucms/sadmin/file PHP file...

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

...

CVE-2020-18264

Cross Site Request Forgery CSRF in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=acteditmember"...

XSS vulnerability in bluecms v1.6

BlueCMS is a professional local portal system developed by open source combination of PHP + MYSQL, focusing on local portal CMS. bluecms v1.6 exists XSS vulnerability, attackers can use the vulnerability to obtain the user's COOKIE...