16 matches found
CVE-2026-6813
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
PT-2026-31142
CVE-2026-39521 Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery. This issue affects Nelio Content: fr… https://t.co/owRzyY4kbX...
CLEANSTART-2026-DU32240 Security fixes for CVE-2026-2391, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, ghsa-34x7-hfp2-rc4v, ghsa-5359-pvf2-pw78, ghsa-73rr-hh4g-fpgx, ghsa-8qq5-rm4j-mr97, ghsa-r6q2-hw4h-h46w applied in versions: 4.2.1.1-r1, 4.2.1.1-r2, 4.3.0.1-r0, 4.3.1-r0
Multiple security vulnerabilities affect the thingsboard-tb-web-ui package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-53213
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-carrier-conditional-shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: fr...
WordPress plugin ReachShip WooCommerce Multi-Carrier & Conditional Shipping Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Linkify Security Vulnerability
Linkify is an open source plugin for Linkify. A security vulnerability exists in Linkify versions prior to 4.3.1 through 4.3.2 that stems from prototype pollution and is vulnerable to cross-site scripting attacks...
LG SuperSign CMS Cross-Site Scripting Vulnerability
LG SuperSign CMS is a content management software solution optimized for LG webOS signage from LG of Korea. A cross-site scripting vulnerability exists in LG SuperSign CMS versions prior to 4.1.3 through 4.3.1, which stems from the presence of improper input neutralization during web page...
SUSE CVE-2019-16770
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the...
WordPress plugin GD bbPress Attachments Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-24408 · Unknown · Mailform Pro Cgi
Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions 4.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to obtain user input data by accessing a specially crafted URL. Recommendations: For Mailform Pro CGI versions 4.3.1 and earlier, at t...
VMware HCX Information Disclosure Vulnerability
VMware HCX is an application mobility platform from VMware, Inc., designed to simplify application migration, workload rebalancing and business continuity across data centers and clouds. VMware HCX versions 4.3.1 and 4.3.2 contain an information disclosure vulnerability stemming from the fact that...
CVE-2020-10618
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users...
Broadcom CA API Developer Portal Access Control Error Vulnerability (CNVD-2020-25820)
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...
JabRef MsBibImporter XML parser suffers from XML external entity injection vulnerability
JabRef is an open source book catalog management application. The program supports multiple format file import, book catalog search and catalog classification and other functions. MsBibImporter XML Parser is one of the XML parsers. An XML external entity injection vulnerability exists in the...
Adminer Server-Side Request Forgery Vulnerability
Adminer is a full-featured database management tool written in PHP that supports database software such as MySQL, MariaDB, PostgreSQL and SQLite. A server-side request forgery vulnerability exists in Adminer 4.3.1 and earlier versions. An attacker can exploit this vulnerability with the help of t...
PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption
source: https://www.securityfocus.com/bid/7197/info

A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in socket_recv() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument...