35 matches found
PT-2026-39010
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...
WordPress plugin GutenKit cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
PT-2025-38998
Name of the Vulnerable Software and Affected Versions: SAPO SAPO Feed versions through 2.4.2 Description: The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject...
CVE-2025-58840
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ibnul H. Custom Team Manager custom-team-manager allows Stored XSS. This issue affects Custom Team Manager: from n/a through = 2.4.2...
CVE-2025-58840
CVE-2025-58840 refers to the WordPress plugin Custom Team Manager (versions up to 2.4.2). The vulnerability is a stored XSS due to improper input neutralization during web page generation. The Wordfence/WP plugin data show patch status as Unpatched for 2.4.2, with references indicating the issue ...
Linux Distros Unpatched Vulnerability : CVE-2020-8597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. (CVE-2020-8597) Note that Nessus relies on...
PT-2024-17639 · WordPress · States Map Us
Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...
WordPress plugin TablePress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress WooCommerce Google Feed Manager plugin <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting vulnerability
Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin WooCommerce Google Feed Manager versions <= 2.4.2...
BIT-MAGENTO-2021-28585 Magento Commerce improper input validation in customer customer webapi
Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
CVE-2023-52208
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2...
PT-2023-11894 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pmpro page save function. This allows...
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privile...
SUSE CVE-2021-29556
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the...
PT-2023-10626 · Unknown · Daschtour Matomo-Mediawiki-Extension
Name of the Vulnerable Software and Affected Versions: DaSchTour matomo-mediawiki-extension versions up to 2.4.2 Description: A vulnerability has been found in the DaSchTour matomo-mediawiki-extension, affecting an unknown part of the file Piwik.hooks.php of the component Username Handler. The...
io.github.shuigedeng:taotao-cloud-starter-agent (>=2022.09 <=2022.10), io.github.shuigedeng:taotao-cloud-starter-apt (>=2022.09 <=2022.10) +234 more potentially affected by CVE-2022-37435 via org.apache.shenyu:shenyu-common (>=2.4.2 <=2.4.3)
org.apache.shenyu:shenyu-common MAVEN version =2.4.2, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.10 and more Source cves: CVE-2022-37435 Source advisory: OSV:GHSA-FJJW-82XW-VFC2 https:...
PT-2022-23995 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.4.2 through 2.4.3 Description: The issue is related to insecure permissions in Apache ShenYu Admin, which may allow low-privilege administrators to modify high-privilege administrator's passwords. Recommendations: For...
GHSA-3X9X-VHQJ-CV27 Magento XML Injection vulnerability in the Widgets Update Layout
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
Magento improper authorization vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution...
GHSA-2PQ5-GPQF-G4R3 Magento has a file extension restrictions bypass
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution...