31 matches found
CVE-2026-35477
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
CVE-2026-39637 WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mogi: from n/a through <= 1.2.3...
Mesop security vulnerability
Mesop is a fast-building Python web application UI framework developed by Mesop OpenSource. Versions of Mesop from 1.2.3 to 1.2.5 contained security vulnerabilities. These vulnerabilities were due to uncontrolled resource consumption issues in the WebSocket implementation. This could allow...
WordPress plugin Icon List Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Tablesome versions <= 1.2.3...
WordPress Black Rider theme <= 1.2.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Theme Black Rider versions <= 1.2.3...
CVE-2025-60063
CVE-2025-60063 relates to an Improper Control of Filename for Include/Require Statement in PHP (PHP Remote File Inclusion) affecting the WordPress Rosalinda theme. Connected sources specify a Local File Inclusion vulnerability in Rosalinda versions up to 1.2.3, caused by improper filename handlin...
WordPress plugin Magazine Companion cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
PT-2025-33188 · Unknown · Soundst Seo Search
Name of the Vulnerable Software and Affected Versions: SoundSt SEO Search versions through 1.2.3 Description: The software contains a reflected cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Versions prior to 1.2.3 should be...
WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin Easy Charts versions <= 1.2.3...
WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim (Patchstack Alliance) in WordPress Plugin Product Table For WooCommerce versions <= 1.2.3...
WordPress Store Commerce theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Michael (Patchstack Alliance) in WordPress Theme Store Commerce versions <= 1.2.3...
WordPress plugin Preloader by WordPress Monsters cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-36814 · Openfhe · Openfhe
Name of the Vulnerable Software and Affected Versions: OpenFHE versions 1.2.3 and earlier Description: The issue is related to a NULL pointer dereference in the BinFHEContext::EvalFloor function located in lib/binfhe-base-scheme.cpp. This problem can lead to a crash or potentially allow an attack...
PT-2024-36627 · Unknown · Dr Affiliate
Name of the Vulnerable Software and Affected Versions: Dr Affiliate versions 1.2.3 and earlier Description: The issue is related to an SQL Injection vulnerability, which allows attackers to manipulate SQL commands. This is due to the improper neutralization of special elements used in an SQL...
WordPress Cryptocurrency Price Widget plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Aiden in WordPress Plugin Cryptocurrency Price Widget versions <= 1.2.3...
WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin Easy Accordion Gutenberg Block versions <= 1.2.3...
PT-2024-34280 · Unknown · Deryck Oñate User Toolkit
Name of the Vulnerable Software and Affected Versions: Deryck Oñate User Toolkit versions 1.2.3 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a significant security concern as it potentially...
OpenMetadata authentication bypass and SpEL injection exploit chain
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vulnerabilities that exist in the OpenMetadata application. The first vulnerability, CVE-2024-28255,...