
29 matches found

Positive Technologies
added 2026/01/14 12:00 a.m. · 7 views

PT-2026-2847

Name of the Vulnerable Software and Affected Versions: Modular DS versions through 2.5.1 Description: A critical vulnerability exists in the Modular DS WordPress plugin that allows unauthenticated attackers to gain administrative access to affected websites. This flaw, tracked as CVE-2026-23550, is...

CVSS 9.8 · AI score 5.9 · EPSS 0.04525
Exploits 7 · References 52
Amazon
added 2025/11/10 12:00 a.m. · 4 views

Critical: lasso

Issue Overview: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...

CVSS 9.8 · AI score 7.8 · EPSS 0.00174
Exploits 4
OSV
added 2025/11/05 3:15 p.m. · 2 views

UBUNTU-CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 · AI score 6 · EPSS 0.00173
Exploits 1 · References 4
Positive Technologies
added 2025/11/05 12:00 a.m. · 3 views

PT-2025-45108

Name of the Vulnerable Software and Affected Versions: Entr’ouvert Lasso versions 2.5.1 and 2.8.2 Description: A denial of service issue exists in the g_assert_not_reached functionality. A specially crafted SAML assertion response can cause a denial of service. An attacker can trigger this by sendi...

CVSS 9.8 · AI score 8 · EPSS 0.00174
Exploits 4 · References 48
CNNVD
added 2025/11/05 12:00 a.m. · 2 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso versions 2.5.1 and 2.8.2, which stems from a flaw in the g_assert_not_reached function that could lead to a denial of service attack...

CVSS 7.5 · AI score 6.2 · EPSS 0.00059
Exploits 1 · References 2
EUVD
added 2025/10/27 3:30 a.m. · 1 view

EUVD-2025-35980

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin Management Xtended: from n/a through <= 2.5.1...

CVSS 7.2 · AI score 6.5 · EPSS 0.00039
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-42076

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00093
Exploits 0 · References 1
CNNVD
added 2025/03/25 12:00 a.m. · 0 views

Apache VCL Cross-Site Scripting Vulnerability

Apache VCL is an open source cloud computing platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache VCL 2.5.1 and earlier versions. An attacker exploiting this vulnerability could elevate the privileges of a specified user via a URL...

CVSS 8.4 · AI score 6 · EPSS 0.00105
Exploits 0 · References 4
Patchstack
added 2025/02/28 12:00 a.m. · 2 views

WordPress Order Attachments for WooCommerce plugin <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability

Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Order Attachments for WooCommerce versions <= 2.5.1...

CVSS 7.5 · AI score 6.9 · EPSS 0.00206
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/02/28 12:00 a.m. · 1 view

WordPress plugin Order Attachments for WooCommerce Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 7.5 · AI score 7.8 · EPSS 0.00206
Exploits 0 · References 4
RedhatCVE
added 2025/02/05 8:57 p.m. · 9 views

CVE-2022-46178

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to files being uploaded to any path. The vulnerability...

CVSS 8.8 · AI score 6.7 · EPSS 0.00578
Exploits 1 · References 1
Positive Technologies
added 2024/03/27 12:00 a.m. · 5 views

PT-2024-15736 · WordPress · Pz-Linkcard

Name of the Vulnerable Software and Affected Versions: Pz-LinkCard WordPress plugin versions through 2.5.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. Th...

CVSS 7.1 · AI score 6.4 · EPSS 0.00334
Exploits 2 · References 6
OSV
added 2023/09/11 7:15 p.m. · 4 views

CVE-2023-41256

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access...

CVSS 9.1 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 1
Positive Technologies
added 2023/09/07 12:00 a.m. · 3 views

PT-2023-5124 · Dover Fueling Solutions · Maglink Lx Web Console Configuration

Name of the Vulnerable Software and Affected Versions: Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1 through 3.3 Description: The issue is related to incorrect restriction of directory path names with limited access. This could allow a remote attacker to access files...

CVSS 7.5 · AI score 7.3 · EPSS 0.00093
Exploits 0 · References 6
Positive Technologies
added 2023/09/07 12:00 a.m. · 3 views

PT-2023-5123 · Dover Fueling Solutions · Maglink Lx Web Console Configuration

Name of the Vulnerable Software and Affected Versions: Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1 through 3.3 Description: The issue is related to insufficient access control in the web console, which could allow a remote attacker to elevate their privileges. A...

CVSS 9 · AI score 6.9 · EPSS 0.00091
Exploits 0 · References 8
Positive Technologies
added 2023/09/07 12:00 a.m. · 2 views

PT-2023-5113 · Dover Fueling Solutions · Maglink Lx Web Console

Name of the Vulnerable Software and Affected Versions: Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1 through 3.3 Description: The vulnerability in the MAGLINK LX Web Console is related to authentication bypass, which could allow an unauthorized attacker to obtain use...

CVSS 9.1 · AI score 7.2 · EPSS 0.00036
Exploits 0 · References 9
Positive Technologies
added 2023/03/13 12:00 a.m. · 2 views

PT-2023-4904 · Unknown +4 · Json Smart +5

Name of the Vulnerable Software and Affected Versions: Json-smart versions 2.5.0 through 2.5.1 Description: The issue is related to uncontrolled recursion in the Json-smart library. When the library encounters a '' or '' character in the JSON input, it parses an object or array respectively...

CVSS 7.8 · AI score 6.1 · EPSS 0.00108
Exploits 2 · References 50
SUSE CVE
added 2023/02/15 5:43 a.m. · 2 views

SUSE CVE-2012-5529

TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query...

CVSS 3.5 · AI score 7.2 · EPSS 0.0097
Exploits 0 · References 3
vulnersOsv
added 2022/05/17 5:02 a.m. · 2 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +415 more potentially affected by CVE-2011-1411 via org.opensaml:opensaml (=2.5.1-1)

org.opensaml:opensaml MAVEN version =2.5.1-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensaml:opensaml and may be impacted: - br.com.esec.icpm:certillion-client-library =1.1.7, =1.1.9, =1.2.5, =2.0.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0,...

CVSS 5.8 · AI score 5.8 · EPSS 0.00281
Exploits 0
vulnersOsv
added 2022/05/17 2:16 a.m. · 2 views

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +73 more potentially affected by CVE-2016-4465 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.12 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2016-4465 Source advisory: OSV:GHSA-XG75-68X3-7P3Q...

CVSS 5.3 · AI score 6.4 · EPSS 0.10357
Exploits 0