Lucene search

14 matches found

EUVD
added 2026/02/03 2:8 p.m. | 1 views

EUVD-2026-5298

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery. This issue affects Enter Addons: from n/a through <= 2.3.2...

CVSS 4.3 | AI score 5.3 | EPSS 0.0002
Exploits: 0 | References: 1
CVE
added 2026/02/03 2:8 p.m. | 7 views

CVE-2026-25014

CVE-2026-25014 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Enter Addons (themelooks) affecting Enter Addons versions from n/a up to and including 2.3.2. The CVSS v3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and part...

CVSS 4.3 | AI score 5.3 | EPSS 0.0002
Exploits: 0 | References: 1
Cvelist
added 2026/01/23 2:28 p.m. | 26 views

CVE-2026-24556 WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2...

CVSS 5.3 | EPSS 0.00051
Exploits: 0 | References: 1
CNNVD
added 2026/01/23 12:0 a.m. | 1 views

WordPress plugin ElementCamp has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.3 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1
EUVD
added 2025/10/27 3:30 a.m. | 2 views

EUVD-2025-36009

Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by RioVizual: from n/a through <= 2.3.2...

AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 2
AlpineLinux
added 2025/08/09 2:0 a.m. | 7 views

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

CVSS 5.3 | AI score 6.9 | EPSS 0.00054
Exploits: 0
Cvelist
added 2025/08/09 1:32 a.m. | 4 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

CVSS 7.2 | EPSS 0.00077
Exploits: 0 | References: 3
CNNVD
added 2024/03/27 12:0 a.m. | 3 views

SonicDICOM Media Viewer security vulnerability

SonicDICOM Media Viewer is a software for viewing medical image files from SonicDICOM, Inc. A security vulnerability exists in SonicDICOM Media Viewer 2.3.2 and prior versions, which stems from a contained DLL search path issue that could lead to unsafe loading of dynamic link libraries...

CVSS 7.8 | AI score 7.5 | EPSS 0.0006
Exploits: 0 | References: 3
OSV
added 2023/09/28 2:15 p.m. | 1 views

CVE-2023-43873

A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1
CNNVD
added 2023/09/28 12:0 a.m. | 2 views

e017 CMS Cross-Site Scripting Vulnerability

e017 CMS is a content management system by e017. A cross-site scripting vulnerability exists in e017 CMS version v.2.3.2. An attacker can exploit this vulnerability by executing arbitrary code in the Copyright and Author fields of the Meta & Custom Tags Menu via specially crafted scripts...

CVSS 5.4 | AI score 6.6 | EPSS 0.0039
Exploits: 1 | References: 2
OSV
added 2023/05/31 5:15 a.m. | 0 views

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 | AI score 6.8
Exploits: 0 | References: 4
CNNVD
added 2022/06/17 12:0 a.m. | 0 views

Online Ordering System SQL injection vulnerability

Online Ordering System is a multi-store ordering system that can be used by any small business. Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from a lack of validation of external input in the SQL statement at /ordering/index.php?q=category&search=, an attack...

CVSS 9.8 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 2
vulnersOsv
added 2018/10/23 4:8 p.m. | 1 views

cloud.agileframework:agile-security (>=2.1.0.M8 <=2.2.0.M7), cloud.agileframework:spring-boot-starter-kaptcha (>=2.1.0.M8 <=2.2.0.M7) +234 more potentially affected by CVE-2018-18531 via com.github.penggle:kaptcha (=2.3.2)

com.github.penggle:kaptcha MAVEN version =2.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.penggle:kaptcha and may be impacted: - cloud.agileframework:agile-security =2.1.0.M8, =2.1.0.M8, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0,...

CVSS 9.8 | AI score 7.3 | EPSS 0.00341
Exploits: 0
CNVD
added 2017/04/20 12:0 a.m. | 1 views

MantisBT 'Timeline include' page cross-site scripting vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the Timeline include page used in the My View myviewpage.php and User...

CVSS 6.1 | AI score 6.3 | EPSS 0.00251
Exploits: 1 | References: 1