16 matches found
CVE-2026-54197
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
FreeRTOS-Plus-TCP Buffer Error Vulnerability
FreeRTOS-Plus-TCP is an extensible, open-source TCP/IP stack designed for use with FreeRTOS. Versions prior to V4.2.6 and V4.4.1 of FreeRTOS-Plus-TCP contained a buffer error vulnerability. This vulnerability stemmed from insufficient option length validation in the IPv6 router advertisement...
WordPress plugin The League Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208-EXPLOIT Mirth Connect Remote Code Execution...
WordPress Popup Builder – Create highly converting, mobile friendly marketing popups. plugin <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi (nakko) in WordPress Plugin Popup Builder versions <= 4.4.1...
WordPress Nexter Extension plugin <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Nexter Extension versions <= 4.4.1...
CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
PT-2025-42516
Name of the Vulnerable Software and Affected Versions: PrestaShop Checkout versions prior to 4.4.1 and 5.0.5 Description: A flaw exists in the PrestaShop Checkout module due to incorrect use of the PHP array search function. This improper usage allows bypassing validation, potentially leading to th...
PrestaShop Checkout Authorization Issue Vulnerability
PrestaShop Checkout is an open source checkout payment module from PrestaShopCorp. An authorization issue vulnerability exists in PrestaShop Checkout versions prior to 4.4.1 and prior to 5.0.5, which stems from a lack of authentication in the Express Checkout feature that could lead to an account...
PrestaShop Checkout Path Traversal Vulnerability
PrestaShop Checkout is an open source checkout payment module from PrestaShopCorp. A path traversal vulnerability exists in PrestaShop Checkout versions prior to 4.4.1 and prior to 5.0.5, which stems from a lack of input validation in the backend, and could lead to directory traversal and arbitra...
PT-2024-22957 · WordPress · Wp Front User Submit / Front Editor
Name of the Vulnerable Software and Affected Versions: WP Front User Submit / Front Editor plugin for WordPress versions up to, and including, 4.4.1 Description: The issue is related to Stored Cross-Site Scripting via form settings due to insufficient input sanitization and output escaping. This...
HikaShop Joomla Component SQL Injection Vulnerability
HikaShop Joomla Component is an e-commerce component from the Hikari team for use in the Joomla content management system. A security vulnerability exists in HikaShop Joomla Component versions 4.4.1 through 4.7.2, which stems from improper neutralization of a special element, resulting in SQL...
tgstation-server Resource Management Error Vulnerability
tgstation-server is a toolset for managing production BYOND servers. A resource management error vulnerability exists in tgstation-server versions 4.4.0 and 4.4.1. The vulnerability stems from the mismanagement of system resources (e.g., memory, disk space, files, etc.) by a networked system or...
Kibana 4.4.1, 4.3.2, 4.1.5 - Updated node.js versions due to upstream vulnerabilities
Summary: The bundled versions of node.js in Kibana contain HTTP-related security vulnerabilities. Fixed versions of node.js were recently released. For the original node.js security announcement, see https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ Fixed versions: Kibana...
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...