19 matches found
CVE-2026-42259
Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...
PT-2026-37184
Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to 1.4.6, Saltcorn versions prior to 1.5.6, Saltcorn versions prior to 1.6.0-beta.5. Description: Saltcorn fails to properly validate the dest parameter during the post-login process. The is_relative_url function only block...
WordPress plugin Payment Page cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-67584
CVE-2025-67584 affects rtCamp GoDAM (WordPress Plugin) 1.4.6 (or apply vendor-provided fix) to mitigate unauthorized access risks.
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions <= 1.4.6...
CVE-2025-12100
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...
EUVD-2025-26037
Malicious code in bioql PyPI...
WordPress plugin Material Dashboard authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
CVE-2025-55443
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...
CVE-2023-27605
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6...
WordPress plugin Wiki Embed cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress plugin Really Simple Under Construction Page cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Really Simple...
PT-2025-34811 · Telpo · Telpo Mdm
Name of the Vulnerable Software and Affected Versions: Telpo MDM versions 1.4.6 through 1.4.9 Description: The Telpo MDM Android platform stores sensitive administrator credentials and MQTT server connection details IP/port in plaintext within log files on the device's external storage. This allo...
WordPress plugin Arabic Webfonts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Marek Mikita Patchstack Alliance in WordPress Plugin Arabic Webfonts versions <= 1.4.6...
sepal-ui (>=2.10.0 <=2.16.3), stactools-planet (>=0.1.0 <=0.1.6) potentially affected by CVE-2023-32303 via planet (>=1.4.6 <=2.0.0rc2)
planet PYPI version =1.4.6, =2.10.0, =0.1.0, =0.1.6 Source cves: CVE-2023-32303 Source advisory: OSV:GHSA-J5FJ-RFH6-QJ85...
WordPress plugin Duplicator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
UBUNTU-CVE-2014-0006
The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...
PT-2013-1124 · Davfs2 +1 · Davfs2 +1
Name of the Vulnerable Software and Affected Versions: davfs2 versions 1.4.6 through 1.4.7 Description: The issue allows local users to gain privileges via unknown attack vectors in files such as kernel_interface.c and mount_davfs.c, related to the system function. Multiple vulnerabilities in the...