Databasir Security Vulnerability
Databasir is an open-source relational database model documentation management platform for teams. Versions of Databasir 1.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from SQL injections in the query parameters of the search API endpoint, which could allow remote...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +88 more potentially affected by CVE-2026-24006 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 and more Source cves: CVE-2026-24006 Source advisory: SNYK:JS-SEROVAL-15054527...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +88 more potentially affected by CVE-2026-23737 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 and more Source cves: CVE-2026-23737 Source advisory: SNYK:JS-SEROVAL-15054506...
CVE-2025-62123
Cross-Site Request Forgery (CSRF) vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery. This issue affects WP Gmail SMTP: from n/a through = 1.0.7...
PT-2025-54403
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery. This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7...
CVE-2025-53238
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Toast Mobile Menu toast-responsive-menu allows Stored XSS. This issue affects Toast Mobile Menu: from n/a through <= 1.0.8...
CVE-2025-53238 WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Toast Mobile Menu toast-responsive-menu allows Stored XSS. This issue affects Toast Mobile Menu: from n/a through <= 1.0.8...
CVE-2025-58843
Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS. This issue affects Auto Last Youtube Video: from n/a through = 1.0.7...
com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +699 more potentially affected by CVE-2025-0716 via org.webjars.bower:angular (>=1.0.7 <=1.8.3)
org.webjars.bower:angular MAVEN version =1.0.7, =0.1.5, =1.1.0, =0.4.4, =0.4.4, =0.3.5, =0.4.1, =0.4.4, =0.3.5, =0.4.4, =0.5.1 and more Source cves: CVE-2025-0716 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-9919774...
CVE-2025-32248 WordPress SwiftXR (3D/AR/VR) Viewer plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR 3D/AR/VR Viewer allows Cross Site Request Forgery. This issue affects SwiftXR 3D/AR/VR Viewer: from n/a through 1.0.7...
CVE-2024-5204
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...
WordPress plugin Buk for WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
WordPress CommandBar for WP Admin plugin <= 1.0.7 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin CommandBar for WP Admin versions <= 1.0.7...
WordPress Google CSE plugin <= 1.0.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Google CSE versions <= 1.0.7...
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...
SUSE CVE-2012-0065
Heap-based buffer overflow in the receivepacket function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list...
WordPress plugin Access Demo Importer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2021-20412
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contain hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192...
Artifex Software Artifex MuJS Resource Management Error Vulnerability
Artifex Software Artifex MuJS is a lightweight JavaScript interpreter from Artifex Software that is used to embed into other software to provide script execution capabilities. A resource management error vulnerability exists in the jsrun.c file in Artifex Software Artifex MuJS 1.0.7 and earlier...
PT-2006-2289 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.0.7 through 1.5.0.1 Description: The issue allows remote attackers to cause a denial of service via an HTML tag with a large number of script action handlers such as onload and onmouseover. This triggers the crash...