14 matches found
CVE-2026-7509
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-43897
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
PT-2026-22301
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...
WordPress WP jQuery DataTable plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery DataTable versions <= 4.0.1...
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NpcfBDTPolicyControl API...
EUVD-2025-31679
Malicious code in bioql PyPI...
CVE-2023-38001
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206...
PT-2024-12092 · Ibm · Ibm Aspera Orchestrator
Name of the Vulnerable Software and Affected Versions: IBM Aspera Orchestrator version 4.0.1 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks against the vulnerable syste...
WordPress EmbedPress plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget vulnerability discovered by wesley wcraft in WordPress Plugin EmbedPress versions <= 4.0.1...
PT-2024-21142 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.0.1 Description: An access control issue allows attackers to download backup files and leak sensitive information. Recommendations: For Dreamer CMS version 4.0.1, at the moment, there is no information about a newer...
CVE-2024-0522
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is...
PT-2022-4846 · D Link · D-Link Dir-2150
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2150 version 4.0.1 Description: This issue allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this issue. The specific fla...
ch.mobi.mobitor:mobitor-base (>=3.1.242 <=3.1.295), cloud.piranha.session:piranha-session-hazelcast (>=20.5.0 <=20.11.0) +84 more potentially affected by unknown CVE via com.hazelcast:hazelcast (>=4.0.1 <=4.0.4)
com.hazelcast:hazelcast MAVEN version =4.0.1, =3.1.242, =20.5.0, =3.1.1, =3.1.1, =0.4.0, =0.1.1, =6.0.1, =1.0.2, =4.1, =4.0.1, =2.1.0, =2.1.0, =2.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V57X-GXFJ-484Q...