32 matches found
WordPress plugin Login No Captcha reCAPTCHA cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
litemall injection vulnerability
Litemall is a small shopping system developed by Linlinjava’s developers. Versions of Litemall 1.8.0 and earlier had an injection vulnerability, which originated from an unknown function in the Admin Endpoint component. This vulnerability could lead to SQL injection attacks. The attacks can be...
EUVD-2017-5278
Malware in sbrugna...
CVE-2025-57768
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
Komga security vulnerability
Komga is a media server for comics, magazines, and eBooks by Gauthier Personal Developers. A security vulnerability exists in Komga versions 1.8.0 through 1.21.3, which stems from the presence of cross-site scripting in the EPUB resource that could lead to execution of operations as a victim...
SUSE CVE-2025-48371
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
WordPress plugin Rankie security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-30431
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Reflected XSS. This issue affects Mang Board WP: from n/a through 1.8.0...
WordPress plugin Cooked security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-24288 · Unknown · Faktor Vier F4 Improvements
Name of the Vulnerable Software and Affected Versions: FAKTOR VIER F4 Improvements versions 1.8.0 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject...
PT-2024-22146 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions 1.8.0 through 1.40.3. Description: Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token...
PT-2023-21112 · Ramon Fincken · Ramon Fincken Auto Prune Posts Plugin
Name of the Vulnerable Software and Affected Versions: Ramon Fincken Auto Prune Posts plugin versions = 1.8.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...
AZL-13030 CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
OESA-2022-2079 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo 1.8.0 through 1.9.12, with the crypt password backend,...
HashiCorp Vault security vulnerability
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.11.2 that stems from an issue with checking for the correct alias assigned to an entity, Vault may overwrite metada...
cc.catalysts.boot:cat-boot-report-pdf (=0.0.10), com.bit-scout:pdf-converter (=1.0.0) +227 more potentially affected by CVE-2018-8036 via org.apache.pdfbox:pdfbox (>=1.8.0 <=1.8.14)
org.apache.pdfbox:pdfbox MAVEN version =1.8.0, =0.6, =0.9, =3.0, =1.3.3-2.10, =0.0.2, =0.0.2, =1.0, =1.0, =1.0, =1.3 and more Source cves: CVE-2018-8036 Source advisory: OSV:GHSA-J2XQ-PFFF-MVGG...
HashiCorp Consul resource management error vulnerability
HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and provision applications across a dynamically distributed infrastructure. A resource management error vulnerability exists in HashiCorp Consul and Consul...
Hashicorp HashiCorp Vault security vulnerability
Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.8.4, which stems from the possibility of unexpected interactions between the software's globally relevan...
PT-2021-23415 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.7.0 through 1.7.4; HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.8.3. Description: The issue allows a user with write permission to an entity alias ID sharing a mount accessor with...