EUVD-2026-10076

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Web Directory Free plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Simone Onofri, Kim Cerra, Andrea De Dominicis in WordPress Plugin Web Directory Free versions 1.7.2...

SUSE CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator QEMU before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...

PT-2023-13620 · WordPress · Visual Email Designer For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Visual Email Designer for WooCommerce WordPress plugin versions prior to 1.7.2 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL...

PrestaShop 授权问题漏洞

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides a variety of payment methods , short message alerts and product image scaling and other features . A security vulnerability exists in PrestaShop versions prior to 1.7.2. The...

WordPress kiwi-logo-carousel plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. kiwi-logo-carousel is a rotating effect plugin used in it. A cross-site request forgery vulnerability exists in WordPress kiwi-logo-carousel plugin...

UBUNTU-CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...

qemu: virtio-scsi: buffer overrun on invalid state load

The virtioscsiloadrequest function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access...

DEBIAN-CVE-2010-0628

The spnegogssacceptseccontext function in lib/gssapi/spnego/spnegomech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 aka krb5 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service assertion failure and daemon crash via an invalid packet that triggers...