11 matches found
CVE-2026-48875
Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...
CVE-2026-21883
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The...
CVE-2026-21883 Bokeh server applications have Incomplete Origin Validation in WebSockets
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The...
PT-2026-2119
Name of the Vulnerable Software and Affected Versions: Bokeh versions 3.8.1 and below Description: Bokeh is an interactive visualization library written in Python. If a server is configured with an allowlist, an attacker can register a domain and lure a victim to visit it. The malicious site can th...
CVE-2025-9561
The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-57971
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1...
WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin SALESmanago versions <= 3.8.1...
WordPress plugin SALESmanago security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2024-25864 · Unknown · Parcelpanel
Name of the Vulnerable Software and Affected Versions: ParcelPanel versions 3.8.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting maliciou...
PT-2023-25355 · Unknown · Woocommerce Square
Name of the Vulnerable Software and Affected Versions: WooCommerce Square versions 3.8.1 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 3.8.1 and...
Kirby security vulnerability
Kirby is a file-based content management system (CMS). A security vulnerability exists in Kirby that stems from a configuration that does not disable Kirby's APIs and panels, and a user enumeration vulnerability that could affect all Kirby sites with user accounts. The following products and versio...