
31 matches found

RedHat Linux
added 5 days ago, 5 views

node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

A flaw was found in Forge (also called node-forge), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

CVSS 7.5, AI score 5.4, EPSS 0.00038
Exploits: 0, References: 8
Tenable Nessus
added 2026/05/17 12:0 a.m., 4 views

Fedora 43 : apptainer (2026-6c547e9f64)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c547e9f64 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...

CVSS 7.5, AI score 6.4, EPSS 0.00036
Exploits: 1, References: 3
ATTACKERKB
added 2026/05/12 11:2 a.m., 7 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

CVSS 8.5, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 2
Exploit DB
added 2026/04/29 12:0 a.m., 73 views

Atlona ATOMERX21 - Authenticated Command Injection

// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...

CVSS 6.3, AI score 5.3, EPSS 0.00339
Exploits: 2
Positive Technologies
added 2026/04/26 12:0 a.m., 6 views

PT-2026-35222

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

CVSS 8.5, AI score 5.1, EPSS 0.00096
Exploits: 0, References: 6
NVD
added 2026/04/14 1:16 p.m., 1 views

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution. This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVSS 7.4, EPSS 0.00024
Exploits: 0, References: 1
Cvelist
added 2026/03/16 11:54 a.m., 25 views

CVE-2025-69243 User enumeration in Raytha CMS

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0...

CVSS 6.9, EPSS 0.00041
Exploits: 0, References: 2
CNNVD
added 2026/02/20 12:0 a.m., 3 views

WordPress plugin R&F security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.1, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 1
CVE
added 2026/01/22 3:39 a.m., 15 views

CVE-2026-24038

Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...

CVSS 8.1, AI score 5.5, EPSS 0.00036
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 5 views

PT-2026-1588

Name of the Vulnerable Software and Affected Versions: The Latest Registered Users plugin for WordPress versions prior to 1.5. Description: The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...

CVSS 7.5, AI score 6.4, EPSS 0.00049
Exploits: 0, References: 10
Positive Technologies
added 2025/12/31 12:0 a.m., 4 views

PT-2025-54455

Name of the Vulnerable Software and Affected Versions: Gargoyle router management utility versions 1.5.x. Description: The application does not properly restrict or validate input provided through the commands parameter, leading to authenticated OS command execution. This occurs in the /utility/run...

CVSS 8.7, AI score 6.9, EPSS 0.00165
Exploits: 1, References: 8
Cvelist
added 2025/10/27 1:34 a.m., 10 views

CVE-2025-62939 WordPress Open Currency Converter plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Open Currency Converter artiss-currency-converter allows Stored XSS. This issue affects Open Currency Converter: from n/a through <= 1.5.0...

CVSS 6.5, EPSS 0.0003
Exploits: 0, References: 1
Patchstack
added 2025/08/15 11:29 p.m., 7 views

WordPress weichuncai(WP伪春菜) plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin weichuncai (WP伪春菜) versions <= 1.5...

CVSS 6.1, AI score 5.7, EPSS 0.00044
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/06/23 4:15 p.m., 5 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

CVSS 9.8, AI score 6, EPSS 0.00478
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 10:43 p.m., 7 views

CVE-2022-45014

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field...

CVSS 4.8, AI score 5.7, EPSS 0.00386
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:5 p.m., 4 views

CVE-2020-20663

libieciccpmod v1.5 contains a heap-buffer-overflow in the component mmsclientconnection.c...

CVSS 6.5, AI score 6.9, EPSS 0.00238
Exploits: 1
RedhatCVE
added 2025/05/22 4:52 p.m., 6 views

CVE-2020-8826

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...

CVSS 7.5, AI score 7.2, EPSS 0.00468
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 3:45 p.m., 5 views

CVE-2020-20662

libieciccpmod v1.5 contains a heap-buffer-overflow in the component mmsclientexample1.c...

CVSS 6.5, AI score 6.9, EPSS 0.00238
Exploits: 1
RedhatCVE
added 2025/05/21 3:14 p.m., 7 views

CVE-2025-48264

Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery. This issue affects Product Code for WooCommerce: from n/a through = 1.5.0...

CVSS 4.3, AI score 5.9, EPSS 0.00084
Exploits: 0, References: 1
CNNVD
added 2025/02/14 12:0 a.m., 1 views

Logpoint AgentX security vulnerability

Logpoint AgentX is a component of a Security Information and Event Management (SIEM) solution from Logpoint Denmark. A security vulnerability exists in Logpoint AgentX versions prior to 1.5.0 that stems from inadequate access control and allows the li-admin user to access sensitive information...

CVSS 6.9, AI score 6.5, EPSS 0.00136
Exploits: 0, References: 1