16 matches found
CVE-2026-8042
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Responsive Video Embedder plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Responsive Video Embedder versions = 0.1...
PT-2026-35193
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
WordPress Featured Image via URL plugin <= 0.1 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Featured Image via URL versions = 0.1...
WordPress plugin Realty Portal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin JSON Structuring Markup cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-5058 · Gigaom · Gigaom Sphinx
Name of the Vulnerable Software and Affected Versions: Gigaom Sphinx versions up to 0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables attackers to inject malicious...
WordPress plugin REAL WordPress Sidebar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WP Repost security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Simple Travel Map cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
MdAlAmin-aol Own Health Record Cross-Site Request Forgery Vulnerability
MdAlAmin-aol Own Health Record is a personal health record software by the individual developer of MdAlAmin-aol. A cross-site request forgery vulnerability exists in MdAlAmin-aol Own Health Record, which stems from a cross-site request forgery vulnerability in the file includes/logout.php. Affect...
PT-2023-22746 · Jenkins · Jenkins Quay.Io Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Quay.io trigger Plugin versions 0.1 and earlier Description: A missing permission check in the Jenkins Quay.io trigger Plugin allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repositor...
WordPress plugin WP RSS By Publishers SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WeBank Federated AI Technology Enabler security vulnerability
WeBank Federated AI Technology Enabler is an industrial-grade federated learning framework. A security vulnerability exists in WeBank Federated AI Technology Enabler versions 0.1 through 1.4.2. An attacker exploited the vulnerability to read sensitive information during the training process of...
many-versioned-wheel (>=0.1.0 <=0.2.0) potentially affected by CVE-2011-1158 via feedparser (=5.0.0)
feedparser PYPI version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on feedparser and may be impacted: - many-versioned-wheel =0.1.0, =0.2.0 Source cves: CVE-2011-1158 Source advisory: OSV:GHSA-4M72-RMM9-2QJR...
PT-2006-5835 · Net2Ftp · Net2Ftp
Name of the Vulnerable Software and Affected Versions: net2ftp versions 0.1 through 0.62 Description: A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code via a URL in the application rootdir parameter. However, this issue has been disputed by a...