Lucene search

29 matches found

Patchstack
added 2026/05/01 9:15 a.m. | 2 views

WordPress TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Top News – Best News Plugin for WordPress versions <= 2.4.1...

CVSS 6.1 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/13 11:42 a.m. | 2 views

CVE-2026-32421 WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1...

AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
CVE
added 2026/01/22 10:20 p.m. | 8 views

CVE-2026-24124

Dragonfly CVE-2026-24124 describes an unauthenticated access flaw in the Manager Job API. In versions 2.4.1-rc.0 and earlier, the Job API endpoints under /api/v1/jobs lack JWT authentication middleware and RBAC checks, allowing unauthenticated users with Manager API access to view, create, modify...

CVSS 9.8 | AI score 5.5 | EPSS 0.0012
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2025/06/24 10:42 p.m. | 3 views

WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability

WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Drop Uploader for CF7 - Drag&Drop File Uploader Addon versions <= 2.4.1...

CVSS 10 | AI score 7 | EPSS 0.00142
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2024/12/20 12:0 a.m. | 3 views

PT-2024-17762 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problem has been found in Emlog Pro that affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be...

CVSS 6.9 | AI score 4.6 | EPSS 0.00145
Exploits: 1 | References: 9
Positive Technologies
added 2024/12/20 12:0 a.m. | 2 views

PT-2024-17764 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic vulnerability was found in Emlog Pro, affecting an unknown functionality in the library /include/lib/common.php. The manipulation of the msg argument leads to cross site scripting. The...

CVSS 6.1 | AI score 4 | EPSS 0.0014
Exploits: 1 | References: 9
CNNVD
added 2024/12/20 12:0 a.m. | 1 views

emlog code injection vulnerability

emlog is emlog personal developer of a PHP and MySQL based CMS site building system. Code injection vulnerability exists in emlog 2.4.1 and previous versions, the vulnerability stems from the manipulation of the keyword parameter in the /admin/user.php file leading to cross-site scripting attacks...

CVSS 6.9 | AI score 4.6 | EPSS 0.00145
Exploits: 1 | References: 4
CNNVD
added 2024/12/13 12:0 a.m. | 1 views

WordPress plugin Duplicate Post Page Menu & Custom Post Type security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Duplica...

CVSS 5.4 | AI score 8.1 | EPSS 0.00138
Exploits: 0 | References: 1
CNNVD
added 2024/10/29 12:0 a.m. | 2 views

PyTorch security vulnerability

PyTorch is a Python package from the PyTorch open source. A security vulnerability exists in PyTorch version 2.4.1 and earlier versions, which stems from RemoteModule containing a remote code execution vulnerability...

CVSS 9.8 | AI score 9.2 | EPSS 0.25104
Exploits: 1 | References: 4
Positive Technologies
added 2024/09/15 12:0 a.m. | 2 views

PT-2024-30925 · Cryoutcreations · Parabola

Name of the Vulnerable Software and Affected Versions: CryoutCreations Parabola versions n/a through 2.4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations:...

CVSS 6.5 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 8
Positive Technologies
added 2024/05/08 12:0 a.m. | 3 views

PT-2024-25968 · Select Themes · Select-Themes Stockholm

Name of the Vulnerable Software and Affected Versions: Select-Themes Stockholm Core versions n/a through 2.4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This can be exploited ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00308
Exploits: 0 | References: 8
Prion
added 2022/08/15 11:21 a.m. | 11 views

Remote code execution

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This...

CVSS 6.5 | AI score 8.8 | EPSS 0.01532
Exploits: 0 | References: 3 | Affected Software: 1
vulnersOsv
added 2022/08/11 9:13 p.m. | 2 views

@maksym.khudyakov/feature-signup (>=1.0.0-alpha <=1.0.6-alpha), @maksym.khudyakov/feature-todo (>=1.0.0-alpha <=1.0.25-alpha) +20 more potentially affected by CVE-2022-35942 via loopback-connector-postgresql (>=2.4.1 <=3.9.1)

loopback-connector-postgresql NPM version =2.4.1, =1.0.0-alpha, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.12, =1.0.12, =0.0.13, =0.0.17, =1.0.0, =0.0.2, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2022-35942 Source advisory: OSV:GHSA-J259-6C58-9M58...

CVSS 10 | AI score 7.2 | EPSS 0.00192
Exploits: 0
OSV
added 2022/05/24 5:41 p.m. | 16 views

GHSA-6988-G89M-27VF Magento stored cross-site scripting (XSS) in the customer address upload feature

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

CVSS 8.1 | AI score 7.2 | EPSS 0.06281
Exploits: 0 | References: 3
OSV
added 2022/01/28 10:13 p.m. | 0 views

GHSA-6V39-P2XQ-G5C3 Missing authentication in ShenYu

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

CVSS 9.1 | AI score 5.8 | EPSS 0.89919
Exploits: 0 | References: 8
CNNVD
added 2022/01/25 12:0 a.m. | 2 views

Apache ShenYu information disclosure vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway of the United States Apache Foundation. An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...

CVSS 7.5 | AI score 5.7 | EPSS 0.04553
Exploits: 1 | References: 5
ATTACKERKB
added 2021/12/23 8:15 p.m. | 1 views

CVE-2021-3584

A server side remote code execution vulnerability was found in Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...

CVSS 9 | AI score 6.4 | EPSS 0.00474
Exploits: 0 | References: 4
vulnersOsv
added 2021/05/21 2:25 p.m. | 1 views

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29569 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29569 Source advisory: OSV:GHSA-3H8M-483J-7XXM...

CVSS 7.1 | AI score 7 | EPSS 0.00011
Exploits: 1
vulnersOsv
added 2021/05/21 2:23 p.m. | 0 views

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29548 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29548 Source advisory: OSV:GHSA-P45V-V4PW-77JR...

CVSS 5.5 | AI score 5.9 | EPSS 0.00009
Exploits: 1
vulnersOsv
added 2021/05/14 8:15 p.m. | 2 views

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29515 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29515 Source advisory: OSV:PYSEC-2021-152...

CVSS 7.8 | AI score 7.2 | EPSS 0.00011
Exploits: 1