CVE-2025-69118

Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...

CVE-2026-4094 FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...

CVE-2025-64234

Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through = 1.4.5...

EUVD-2025-27503

Malicious code in bioql PyPI...

CVE-2025-58645

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS.This issue affects Gravitate Automated Tester: from n/a through = 1.4.5...

OpsMill Infrahub 安全漏洞

OpsMill Infrahub is an infrastructure resource management platform from the French company OpsMill. A security vulnerability exists in OpsMill Infrahub versions prior to 1.3.9 and prior to 1.4.5, which stems from an error in the authentication logic that could cause deleted or expired API tokens ...

CVE-2024-33542

Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5...

CVE-2025-39387

CVE-2025-39387 covers a Local File Inclusion in the WordPress theme Opstore (Opstore theme). Affected product: Opstore theme, versions n/a through 1.4.5. Root cause: improper control of filename for include/require in PHP, enabling local file inclusion. Public details from CVE descriptions and Pa...

WordPress plugin Material Dashboard 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-14408 · Unknown · Material Dashboard

Name of the Vulnerable Software and Affected Versions: Material Dashboard versions n/a through 1.4.5 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...

WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme City Store versions = 1.4.5...

PT-2024-28127 · Ithemelandco · Ithemelandco Woocommerce Report

Name of the Vulnerable Software and Affected Versions: iThemelandCo WooCommerce Report versions 1.4.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendation...

WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin WooCommerce Report versions = 1.4.5...

WordPress Plugin GS Insever Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Command injection

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization...

PukiWiki 路径遍历漏洞

PukiWiki is a wiki software package developed by Lindsay. A security vulnerability exists in PukiWiki versions 1.4.5 through 1.5.3, which stems from a path traversal vulnerability. A remote attacker can exploit this vulnerability to execute malicious scripts via unspecified vectors...

PT-2022-22177 · Pukiwiki · Pukiwiki

Name of the Vulnerable Software and Affected Versions: PukiWiki versions 1.4.5 to 1.5.3 Description: A path traversal issue allows a remote authenticated attacker with administrative privileges to execute a malicious script. The attack vector is not specified. Recommendations: For PukiWiki versio...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin that stems from insufficient input validation and cleanup in the Business Manager plugin, which makes it vulnerable to stored cross-site scripting, allowing an...

PT-2020-15512 · Jenkins · Jenkins Liquibase Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape changeset contents when showing them on the build pag...