WordPress LightPress Lightbox plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery Lightbox versions = 2.3.4...

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49142 via nautobot (>=2.0.0 <=2.3.4)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...

WordPress plugin User Activity Log Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-27432 · Striking · Striking

Name of the Vulnerable Software and Affected Versions: Striking versions n/a through 2.3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions n/a...

PT-2024-15015 · WordPress · Wp Jobsearch

Name of the Vulnerable Software and Affected Versions: WP JobSearch WordPress plugin versions prior to 2.3.4 Description: The issue allows unauthenticated attackers to upload arbitrary files, such as PHP files, to the server due to a lack of file validation for uploads. This could potentially lea...

CVE-2023-40008

Cross-Site Request Forgery CSRF vulnerability in Gangesh Matta Simple Org Chart plugin = 2.3.4 versions...

WordPress Plugin Opt-Out for Google Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2022-27043

Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal...

PYSEC-2021-759

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.rawops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...

CVE-2021-37650

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

PT-2021-21768 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The implementation for tf.raw ops.BoostedTreesCreateEnsemble can result in a use...

Command injection

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution...

PT-2020-20729 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier Magento versions 2.2.11 and earlier Magento versions 1.14.4.4 and earlier Magento versions 1.9.4.4 and earlier Description: The issue is a command injection vulnerability that could lead to arbitrary code...

PT-2020-6322 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier Magento versions 2.2.11 and earlier Magento versions 1.14.4.4 and earlier Magento versions 1.9.4.4 and earlier Description: The issue is related to the lack of protection of the web page structure in Magento...

PT-2020-6324 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier Magento versions 2.2.11 and earlier Magento versions 1.14.4.4 and earlier Magento versions 1.9.4.4 and earlier Description: The issue is related to incorrect code generation management in the Magento Commerc...