20 matches found
PT-2026-26637
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
EUVD-2025-197958
The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...
EUVD-2025-28558
Malicious code in bioql PyPI...
EUVD-2025-30535
Malicious code in bioql PyPI...
CVE-2025-53307
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Beaver Builder WordPress Assistant assistant allows Reflected XSS. This issue affects WordPress Assistant: from n/a through = 1.5.2...
CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS. This issue affects Zoomify embed for WP: from n/a through <= 1.5.2...
WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions <= 1.5.2...
WordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin Pricing Table builder versions <= 1.5.3...
WordPress plugin Zapier for WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-23872
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2...
SquirrelMail cross-site scripting vulnerability
SquirrelMail is a cross-platform Webmail mail system developed by SquirrelMail using the PHP language. A security vulnerability exists in SquirrelMail versions 1.4.23-svn-20250401 and earlier and 1.5.2-svn-20250401 and earlier versions 1.5.x, which stems from improper handling of email headers an...
PT-2024-33080 · Run.Codes · Run.Codes
Name of the Vulnerable Software and Affected Versions: Run.codes versions 1.5.2 and older Description: The issue is related to a reset password race condition in the UsersController.php file. This condition can be problematic and poses a risk. There is no information provided about the estimated...
PT-2024-24086
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.5.0 through 1.5.2 Description: The issue concerns an authorization bypass when calling Check or ListObjects APIs in OpenFGA. Users are likely affected if their model involves exclusion (e.g., a but not b) or intersection (e.g., ...
CVE-2022-40702
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2...
CVE-2023-47840
Improper Control of Generation of Code 'Code Injection' vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2...
DEBIAN-CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt 1.5.2 2.2.12...
CVE-2023-23861
Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin = 1.5.2 versions...
WordPress Plugin GMAce cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Apache Superset SQL injection vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset versions 1.5.2 and earlier and 2.0.0 have a SQL injection vulnerability that stems from a problem with the SQL Alchemy connector, which allows an authenticated user with read acce...
tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-26266 via tensorflow-cpu (=2.1.0)
tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs >=1.5.2, <=1.7.4 Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...