356 matches found
CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
MAL-2026-942 Malicious code in ethereum-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f139611e5bee8bd888911afc42c4e762ba55dc37cb142d92fe4203209f917600 The package ethereum-lint was found to contain malicious code. Source: ghsa-malware d4db9b610771f0e6a14c8e5de6545323a4041420731492b2265b31ec14fdaa3b...
CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...
Weird Solutions BOOTP Turbo 安全漏洞
Weird Solutions BOOTP Turbo is a BOOTP and DHCP server software developed by Weird Solutions Corporation. The Weird Solutions BOOTP Turbo 2.0 version contains a security vulnerability caused by a buffer overflow, which may lead to denial-of-service attacks...
EUVD-2025-206822
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2026-22398
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through = 2.0...
WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin Extend Link versions = 2.0.0...
CVE-2025-12984
The CVE-2025-12984 entry pertains to the WordPress plugin Advanced Ads – Ad Manager & AdSense. It describes an SQL Injection in the order parameter affecting all versions up to 2.0.15 due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated Administr...
WordPress Shipping Rate By Cities plugin <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter vulnerability
Unauthenticated SQL Injection via 'city' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Shipping Rate By Cities versions = 2.0.0...
CVE-2025-14829
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
Hubert Hub 安全漏洞
Hubert Hub is a digital management platform from Hubert Brazil. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from insecure permissions and could lead to an authenticated, low-privileged attacker requesting access to other user information via a specially crafted...
V-SOL GPON/EPON OLT Platform 输入验证错误漏洞
V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. An input validation error vulnerability exists in V-SOL GPON/EPON OLT Platform version v2.03, which stems from improper validation of the parent parameter input and could lead to an open...
PT-2026-1901
Name of the Vulnerable Software and Affected Versions zozothemes Corpkit versions through 2.0 Description A flaw exists in zozothemes Corpkit that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...
CVE-2025-14996
CVE-2025-14996 affects the AS Password Field In Default Registration Form WordPress plugin (
All-Dynamics enlogic:show 安全漏洞
All-Dynamics enlogic:show is a digital signage management system from All-Dynamics, Germany. A security vulnerability exists in All-Dynamics enlogic:show version 2.0.2, which stems from the presence of a session fixation vulnerability that could lead to bypassing authentication and performing...
EUVD-2023-56885
Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0...
PT-2026-1282
Name of the Vulnerable Software and Affected Versions Automattic WP Job Manager versions through 2.0.0 Description The software contains a Cross-Site Request Forgery CSRF issue. CSRF allows an attacker to perform actions on behalf of an authenticated user without their knowledge. Recommendations...
CVE-2025-28973
Summary of CVE-2025-28973: The vulnerability is a Path Traversal flaw in the WordPress plugin “AA-Team Pro Bulk Watermark Plugin for WordPress” (also referred to as Pro Bulk Watermark Plugin for WordPress) affecting versions up to 2.0. The root cause is insufficient sanitization of user-supplied ...
Atom CMS SQL注入漏洞
Atom CMS is an open source content management system from The Digital Craft. An SQL injection vulnerability exists in Atom CMS version 2.0, which stems from an unverified SQL injection in the id parameter of the admin index page, which could lead to a remote attacker manipulating database queries...
CVE-2025-6324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...