
31 matches found

Positive Technologies
added 2026/06/16 12:0 a.m., 7 views

PT-2026-50096

Unauthenticated Local File Inclusion in Solene = 3.4 versions...

CVSS 8.1, AI score 5.2, EPSS 0.00423
Exploits 0, References 2

NVD
added 2026/05/05 2:16 p.m., 28 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, EPSS 0.00294
Exploits 0, References 3

EUVD
added 2026/04/05 9:30 p.m., 3 views

EUVD-2019-20091

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...

CVSS 8.8, AI score 6.2, EPSS 0.00272
Exploits 1, References 3

Vulnrichment
added 2026/04/04 2:26 a.m., 2 views

CVE-2026-2924 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 6.1, EPSS 0.00199
Exploits 0, References 2

Tenable Nessus
added 2026/03/16 12:0 a.m., 6 views

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1346)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method...

CVSS 6.9, AI score 5.9, EPSS 0.00418
Exploits 2, References 3

Cvelist
added 2026/03/10 12:39 p.m., 31 views

CVE-2026-2339 RCE in TUBITAK BILGEM's Liderahenk

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1...

CVSS 7.5, EPSS 0.0081
Exploits 0, References 2

RedhatCVE
added 2026/01/09 11:14 a.m., 8 views

CVE-2016-10898

The total-security plugin before 3.4.1 for WordPress has XSS...

CVSS 6.1, AI score 7.1, EPSS 0.00913
Exploits 0, References 1

CNNVD
added 2025/11/24 12:0 a.m., 3 views

Yccms Security Vulnerability

Yccms is a lightweight Php-based CMS builder by Yccms team. A security vulnerability exists in Yccms version 3.4, which stems from improper neutralization of article title field input by the add and getPost functions in the ArticleAction.class.php file, which could lead to a stored cross-site...

CVSS 6.1, AI score 5.9, EPSS 0.00161
Exploits 0, References 3

CVE
added 2025/11/11 4:50 p.m., 5 views

CVE-2025-27712

Intel Neural Compressor (Intel® Neural Compressor) before version 3.4 is affected by CVE-2025-27712 due to improper neutralization that could enable local privilege escalation. An unprivileged, authenticated user with low attack complexity may exploit this from Ring 3: User Applications, with act...

CVSS 5.7, AI score 6.1, EPSS 0.00102
Exploits 0, References 1

Intel
added 2025/11/11 12:0 a.m., 5 views

Intel® Neural Compressor Software Advisory

Summary: A potential security vulnerability for some Intel® Neural Compressor software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-27712 Description: Improper neutralization for some Intel®...

CVSS 5.7, AI score 6.2, EPSS 0.00102
Exploits 0

Vulnrichment
added 2025/09/29 3:2 a.m., 3 views

CVE-2025-11138 mirweiye wenkucms common.php createPathOne os command injection

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5, AI score 6.7, EPSS 0.04201
Exploits 1, References 4

Positive Technologies
added 2025/09/22 12:0 a.m., 4 views

PT-2025-39091

Name of the Vulnerable Software and Affected Versions: axboe fio versions up to 3.41. Description: A flaw exists in axboe fio up to version 3.41 related to the str buffer pattern cb function within the file options.c. Manipulation of this function can lead to a null pointer dereference. Exploitation...

CVSS 4.8, AI score 6, EPSS 0.00136
Exploits 0, References 13

RedhatCVE
added 2025/05/23 10:17 a.m., 5 views

CVE-2024-32341

Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters...

CVSS 5.4, AI score 6, EPSS 0.00386
Exploits 1, References 1

RedhatCVE
added 2025/05/23 10:17 a.m., 6 views

CVE-2024-32743

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...

CVSS 5.5, AI score 5.8, EPSS 0.00402
Exploits 1, References 1

RedhatCVE
added 2025/05/23 10:16 a.m., 7 views

CVE-2024-32339

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters...

CVSS 6.1, AI score 6, EPSS 0.00404
Exploits 1, References 1

RedhatCVE
added 2025/05/23 9:38 a.m., 8 views

CVE-2024-24512

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...

CVSS 6.1, AI score 7.3, EPSS 0.00528
Exploits 1, References 1

RedhatCVE
added 2025/05/23 2:54 a.m., 10 views

CVE-2023-1478

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module...

CVSS 9.8, AI score 6.7, EPSS 0.01119
Exploits 2, References 1

RedhatCVE
added 2025/05/22 3:20 p.m., 5 views

CVE-2020-23039

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

CVSS 5.4, AI score 5.9, EPSS 0.00562
Exploits 1

Patchstack
added 2025/05/01 9:57 p.m., 4 views

WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.3 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Aiden Thái An in WordPress Plugin Advance Seat Reservation Management for WooCommerce versions <= 3.3...

CVSS 7.5, AI score 9.5, EPSS 0.00347
Exploits 0, References 1, Affected Software 1

OSV
added 2025/03/20 12:32 p.m., 7 views

GHSA-5C8J-G96X-CJ78 H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

CVSS 7.5, AI score 7, EPSS 0.00446
Exploits 1, References 4