17 matches found
CVE-2026-46510
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__... causes the library to mutate...
PT-2026-22873
Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description: A Reflected Cross-Site Scripting (XSS) issue exists in the /index.cgi API endpoint. The application does not...
PT-2026-22876
Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description: An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility. An authenticated...
CVE-2020-37148 P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...
CVE-2025-68557
Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chakra test: from n/a through = 1.0.1...
PT-2025-50836
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom image' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...
icu-messageformat (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via icu-messageformat (=1.0.1)
icu-messageformat NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-messageformat and may be impacted: - icu-messageformat =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-49416...
CVE-2025-11810 Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...
EUVD-2025-28211
Malicious code in bioql PyPI...
PT-2025-5087 · Unknown · Wm Options Import Export
Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...
WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes versions <= 1.0.1...
WordPress plugin WP Logs Book security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Jasmin The Ransomware security vulnerability
Jasmin The Ransomware is a powerful ransomware security testing tool for Red Teams, developed by individual developer Siddhant Gour. A security vulnerability exists in Jasmin The Ransomware version v.1.0.1. The vulnerability is exploited by attackers to obtain sensitive information via the...
CVE-2024-24757 open-irs .env Exposure
open-irs is an issue response robot that responds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...
MOXA MXsecurity SQL Injection Vulnerability
MOXA MXsecurity is a management platform from China-based MOXA. It provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MXsecurity v1.0.1...
PT-2022-26249 · Unknown · Klik Socialmediawebsite
Name of the Vulnerable Software and Affected Versions: KLiK SocialMediaWebsite version v1.0.1 Description: The issue concerns SQL Injection via the profile.php file. Recommendations: For version v1.0.1, consider restricting access to the profile.php file until a patch is available. Avoid using...
GPAC input validation error vulnerability
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...