14 matches found
CVE-2026-22497
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection. This issue affects Jardi: from n/a through <= 1.7.2...
CVE-2025-69015
Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crowdsignal Forms: from n/a through <= 1.7.2...
Linux Distros Unpatched Vulnerability : CVE-2019-10181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability
CSRF to Settings Change vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin VikBooking Hotel Booking Engine & PMS (versions <= 1.7.2)...
WordPress Google Transliteration plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Google Transliteration (versions <= 1.7.2)...
AZL-54431 CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
PT-2024-36211 · Woocommerce · Link Nacional Invoice Payment For Woocommerce
Name of the Vulnerable Software and Affected Versions: Link Nacional Invoice Payment for WooCommerce versions 1.7.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
PT-2024-26215 · Unknown · Moreconvert Mc Woocommerce Wishlist
Name of the Vulnerable Software and Affected Versions: MoreConvert MC Woocommerce Wishlist versions 1.7.2 and earlier. Description: The issue is related to a Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist. Recommendations: For MoreConvert MC Woocommerce Wishlist version...
PT-2024-26625 · Bestwebsoft · Contact Form To Db
Name of the Vulnerable Software and Affected Versions: Contact Form to DB by BestWebSoft versions 1.7.2 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation...
WordPress Qi Addons For Elementor plugin <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by haidv35 in WordPress Plugin Qi Addons For Elementor (versions <= 1.7.2)...
UBUNTU-CVE-2024-24577
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There...
ai.databand.azkaban:az-core (=3.90.0), ai.databand.azkaban:azkaban-common (=3.18.0) +3309 more potentially affected by CVE-2019-13990 via org.quartz-scheduler:quartz (>=1.7.2 <=2.3.1)
org.quartz-scheduler:quartz MAVEN version =1.7.2, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.3.0 and more Source cves: CVE-2019-13990 Source advisory: OSV:GHSA-9QCF-C26R-X5RF...
icedtea-web path traversal vulnerability
icedtea-web is an open source implementation of JSR-56 Java Network Launching Protocol and API. A path traversal vulnerability in icedtea-web versions 1.7.2 and earlier and 1.8.2 and earlier, which stems from a failure of a network system or product to properly filter for special elements in the...
Qemu: prevent possible buffer overflows
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length...