CVE-2025-53215

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Reflected XSS.This issue affects Yahoo! WebPlayer: from n/a through = 2.0.6...

PT-2025-32623 · WordPress · B Blocks

Name of the Vulnerable Software and Affected Versions: B Blocks plugin for WordPress versions prior to 2.0.7 Description: The B Blocks plugin for WordPress is susceptible to privilege escalation due to missing authorization and improper input validation within the rgfr registration function. This...

CVE-2024-24718

Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6...

WordPress plugin Cognito Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

PT-2024-15993 · WordPress · Transients Manager

Name of the Vulnerable Software and Affected Versions: Transients Manager plugin for WordPress version 2.0.6 and earlier Description: The issue is due to missing or incorrect nonce validation on the process actions function, making it possible for unauthenticated attackers to delete transients vi...

@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +207 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)

http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...

CVE-2024-24718

CVE-2024-24718: PropertyHive WordPress plugin had a Missing Authorization flaw (unauthenticated) allowing activation of pro features via activate_pro_feature() without proper capability checks

PT-2023-10304 · Unknown · Pluscaptcha Plugin

Name of the Vulnerable Software and Affected Versions: PlusCaptcha Plugin versions up to 2.0.6 Description: A vulnerability was found in the PlusCaptcha Plugin, which is classified as problematic. The issue affects some unknown functionality and leads to cross-site scripting. The attack can be...

PT-2023-23892 · Unknown · Brandbrilliance Post State Tags

Name of the Vulnerable Software and Affected Versions: BRANDbrilliance Post State Tags plugin versions 2.0.6 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

com.github.gfernandez598:springwebflow-optforrepl (=1.0), com.github.stephanarts:cas-server-integration-zeromq (>=0.0.1 <=0.0.8) +443 more potentially affected by CVE-2017-8039 via org.springframework.webflow:spring-webflow (>=2.0.6.RELEASE <=2.4.5.RELEASE)

org.springframework.webflow:spring-webflow MAVEN version =2.0.6.RELEASE, =0.0.1, =1.0, =1.0.0.RELEASE, =1.0, =1.0, =1.0.0-GA, =1.0.0-GA, =1.0.0-GA, =1.0.0-GA, =1.0.0-RC1 and more Source cves: CVE-2017-8039 Source advisory: OSV:GHSA-Q4V9-QJMW-J7VF...

PT-2021-23998 · Laravel · Laravel Ignition

Name of the Vulnerable Software and Affected Versions: Laravel Ignition component versions prior to 1.16.15 Laravel Ignition component versions 2.0.x prior to 2.0.6 Description: The issue concerns the "fix variable names" feature in the Ignition component for Laravel, which can lead to incorrect...

PT-2021-20330 · Jdom +3 · Jdom +3

Name of the Vulnerable Software and Affected Versions: JDOM versions 2.0.6 and earlier Description: An XXE issue in SAXBuilder in JDOM allows attackers to cause a denial of service via a crafted HTTP request. Recommendations: For JDOM versions 2.0.6 and earlier, as a temporary workaround, conside...

CVE-2010-5027

Cross-site scripting XSS vulnerability in winners.php in Science Fair In A Box SFIAB 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information...