45 matches found
Synology BeeDrive Security Vulnerability
Synology BeeDrive is a backup and synchronization device developed by the Chinese company Synology. Versions of Synology BeeDrive prior to 1.3.2-13814 contained a security vulnerability. This vulnerability stemmed from the redis-server component, where external access to certain files or...
CVE-2026-42773 WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...
WordPress plugin eMagicOne Store Manager SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...
PT-2026-25195
CVE-2026-32348 Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MA… https://t.co/aNSuwN2k7g...
CVE-2026-3185
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...
Sz-Admin Path Traversal Vulnerability
Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter templateName in...
WordPress MAS Videos plugin <= 1.3.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MAS Videos versions <= 1.3.4...
CVE-2025-67473
Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery. This issue affects CWW Companion: from n/a through <= 1.3.2...
WordPress SiteSEO – SEO Simplified plugin <= 1.3.2 - Improper Authorization to Authenticated Settings Reset vulnerability
Improper Authorization to Authenticated Settings Reset vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin SiteSEO versions <= 1.3.2...
WordPress Supervisor plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Supervisor versions <= 1.3.2...
WordPress SureRank plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Plugin SureRank versions <= 1.3.2...
CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...
WordPress plugin Include Me Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2025-58868
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS. This issue affects SimaCookie: from n/a through <= 1.3.2...
WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Event Feed for Eventbrite versions <= 1.3.2...
CVE-2025-54475
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
CVE-2025-54475 Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
PT-2025-33482 · Joomla +1 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.3.2 through 1.4.4 Description: A SQL injection vulnerability in the JS Jobs plugin for Joomla allows low-privilege users to execute arbitrary SQL commands. Recommendations: Update the JS Jobs plugin to a version late...
CVE-2025-54686
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2...
CVE-2025-54686 WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2...