26 matches found
CVE-2026-7459
The CVE concerns the Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress (
CVE-2018-25377
Flash Slideshow Maker Professional 5.20 is affected by a buffer overflow in the registration dialog (Help > Register). The underlying cause involves structured exception handling (SEH), enabling a local attacker to craft a malicious payload and paste it into the Name and Code fields, potential...
CVE-2026-21857
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...
CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard
ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
CVE-2025-66026
CVE-2025-66026 is a reflected XSS in REDAXO CMS (pre-5.20.1) affecting the Mediapool view where args[types] is echoed into an info banner without escaping. The root cause is a lack of HTML-escaping when rendering the value, allowing an authenticated user to trigger arbitrary JavaScript execution in...
REDAXO CMS is vulnerable to XSS through its module management component
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the...
REDAXO security vulnerability
REDAXO is an open-source content management system. A security vulnerability exists in REDAXO 5.20.0, caused by improper handling of the Output code field in the module management component, which can lead to a stored cross-site scripting attack...
CVE-2025-64112
CVE-2025-64112 refers to a stored XSS vulnerability in Statamic CMS (Laravel + Git) involving Collections and Taxonomies. The issue allows an authenticated user with content-creation permissions to inject malicious JavaScript that executes for higher-privileged users, potentially enabling credent...
CVE-2025-62071 WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget. This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29...
CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-53092
Strapi core (open-source headless CMS) contains a CORS misconfiguration in default installations prior to version 5.20.0: the Origin header is reflected back in Access-Control-Allow-Origin without proper validation or whitelisting, enabling an attacker-controlled site to send credentialed request...
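Both CVE-2025-53092 entries describe the same mechanism: the server copies the request's Origin into Access-Control-Allow-Origin while also allowing credentials, so a page on an attacker's origin can make a cookie-bearing request and read the response. The following is an added example, not Strapi's own code, putting the reflecting policy next to an allowlist policy, with a small model of the browser's decision so the difference can be checked. Function names and the allowlist are assumptions for illustration.

```javascript
// Added example, not Strapi's code: CORS origin handling, vulnerable and hardened.

// Vulnerable: whatever Origin the browser sent is echoed back, and credentials
// are allowed. Any site can then read authenticated responses.
function corsHeadersReflecting(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Hardened: exact match against an explicit list of serialized origins.
// Unknown, malformed or "null" origins get no CORS headers at all, so the
// browser blocks the cross-origin read.
function corsHeadersAllowlisted(requestOrigin, allowlist) {
  if (!requestOrigin) return {};
  let parsed;
  try { parsed = new URL(requestOrigin); } catch { return {}; }
  // Only a bare scheme://host[:port] is acceptable; paths, userinfo and
  // non-URL values such as "null" fail this comparison.
  if (parsed.origin !== requestOrigin) return {};
  if (!allowlist.includes(parsed.origin)) return {};
  return {
    'Access-Control-Allow-Origin': parsed.origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Model of the browser: a page at pageOrigin may read a credentialed
// cross-origin response only if ACAO equals its origin exactly (a wildcard is
// refused with credentials) and ACAC is "true".
function browserAllowsCredentialedRead(pageOrigin, responseHeaders) {
  return responseHeaders['Access-Control-Allow-Origin'] === pageOrigin &&
         responseHeaders['Access-Control-Allow-Credentials'] === 'true';
}
```

In a Strapi deployment the corresponding control is the origin option of the strapi::cors middleware in config/middlewares.js (option name as in the Strapi middleware documentation, assumed here rather than verified against a specific version); the point of the block is that the list must be explicit and matched exactly, never derived from the request.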
CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date, which is set to 30 days by default but can be changed. The existence...
EUVD-2025-27940
Malicious code in bioql PyPI...
EUVD-2025-27941
Malicious code in bioql PyPI...
BlueStacks security vulnerability
BlueStacks is an Android emulator for Windows from BlueStacks, Inc. (United States). A security vulnerability exists in BlueStacks v5.20, caused by a lack of SSL certificate validation, which could allow a man-in-the-middle attack...
PT-2025-6948 · Enituretechnology · Enituretechnology Ltl Freight Quotes – Worldwide Express Edition
Name of the Vulnerable Software and Affected Versions: enituretechnology LTL Freight Quotes – Worldwide Express Edition versions 5.0.20 and earlier. Description: The issue allows incorrectly configured access-control levels to be exploited because of missing authorization checks. This problem can ...
CVE-2024-13351
The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rwimagebadge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress Social proof testimonials and reviews by Repuso plugin <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Social proof testimonials and reviews by Repuso versions <= 5.20...
systeminformation code injection vulnerability
systeminformation is an npm library that retrieves information about the operating system. A code injection vulnerability exists in systeminformation 5.23.6 and earlier. An attacker could exploit it to execute code remotely or escalate privileges...
WordPress plugin Event Espresso 4 Decaf security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports running personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin ... A security vulnerability...