13 matches found
CVE-2026-6813 Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-3504
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...
CVE-2026-39521
Server-Side Request Forgery SSRF vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through = 4.3.1...
CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...
CVE-2025-13956
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...
EUVD-2025-203384
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
WordPress plugin Small Package Quotes SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
LG SuperSign CMS Cross-Site Scripting Vulnerability
LG SuperSign CMS is a content management software solution optimized for LG webOS kanbanban from Luckin LG Korea. A cross-site scripting vulnerability exists in LG SuperSign CMS versions 4.1.3 through 4.3.1, which stems from improper input neutralization during web page generation, resulting in...
CVE-2022-22775
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting XSS vulnerabilities that allow low privileged attackers with network access to execute scripts...
UBUNTU-CVE-2020-10756
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6sendechoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...
Broadcom CA API Developer Portal Access Control Error Vulnerability
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...
Broadcom CA API Developer Portal Input Validation Error Vulnerability (CNVD-2020-25822)
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An input validation error vulnerability exists in Broadcom CA API Developer Portal...
CVE-2018-17918
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page...