16 matches found
CVE-2025-5804
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a through 1.0.4...
EUVD-2025-209401
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a before 1.0.4...
CVE-2026-3528
CVE-2026-3528 is a Drupal Calculation Fields vulnerability (modulename: Calculation Fields) that allows Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. Affected products are Drupal Calculation Fields versions prior to 1.0.4; the issue can lead to XSS...
CVE-2026-3528
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Calculation Fields allows Cross-Site Scripting XSS.This issue affects Calculation Fields: from 0.0.0 before 1.0.4...
WordPress plugin My Album Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553 Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2025-62037
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
CVE-2025-62036
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
CVE-2025-62034
CVE-2025-62034 is a Privilege Escalation in the WordPress theme Togo (
WordPress plugin Togo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
SUSE CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
UBUNTU-CVE-2020-24503
Insufficient access control in some IntelR Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access...
Geta NestedObjectAssign Security Vulnerability
Geta NestedObjectAssign is a Javascript-based codebase for extending the Object.assign function from the Geta team. A security vulnerability exists in Geta NestedObjectAssign before 1.0.4, which stems from susceptibility to prototype contamination of default functions...
DEBIAN-CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...