CVE-2026-42758 WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2025-66093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

WordPress Jobmonster Theme <= 4.8.0 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions = 4.8.0...

SCATI Vision Web SQL注入漏洞

SCATI Vision Web is a browser component from SCATI Spain. A SQL injection vulnerability exists in SCATI Vision Web versions 4.8 through 7.2, which originates from a SQL injection and could lead to the disclosure of database information...

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system from the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 4.8.0, prior to 5.2.1, prior to 5.0., and prior to 5.1. that stems from an...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi China. A security vulnerability exists in RuoYi v.4.8.0, which originates from the SysDictTypeController component and may result in elevated privileges...

CVE-2024-32409

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script...

WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Bold Page Builder versions = 4.8.8...

CVE-2022-36053 Out-of-bounds read in the uIP buffer module

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module os/net/ipv6/uipbuf.c that processes IPv6 extension headers in incoming data packets. As part of this processing, the function...

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection the fingerprint of the server is neither checked nor displayed. As a result a user connects to the server without the ability to verify its authenticity.

...