13 matches found
5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +4170 more potentially affected by CVE-2026-27942 via fast-xml-parser (>=4.0.0-beta.2 <=4.5.3)
fast-xml-parser NPM version =4.0.0-beta.2, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-27942 Source advisory: SNYK:JS-FASTXMLPARSER-15353391...
CVE-2025-43991
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain a UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...
CVE-2025-53243
Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through = 4.5...
WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Martino Spagnuolo (r3verii) in WordPress Plugin Employee Directory – Staff Listing & Team Directory Plugin for WordPress versions <= 4.5.5...
CVE-2025-36612
SupportAssist for Business PCs, versions 4.5.3 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
WordPress WP-Appbox plugin <= 4.5.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin WP-Appbox versions <= 4.5.3...
Smarty Security Vulnerability
Smarty is a PHP-based template engine that helps to separate the representation (HTML/CSS) from the application logic. A security vulnerability exists in Smarty that stems from allowing an attacker to inject PHP code by selecting a malicious filename via extends-tag. Affected products and versions:...
CVE-2022-47444
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin = 4.5.3 versions...
GHSA-8FWW-64CX-X8P5 redis-py Race Condition due to incomplete fix
redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time in the case of a non-pipeline operation, and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-2885...
GHSA-3HX6-FQPJ-XFJR RichFaces vulnerable to Expression Language Injection
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Mellow Fish YetiShare Cross-Site Scripting Vulnerability
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program not setting the HttpOnly flag on session cookies. An attacker can exploit the vulnerability ...
AZL-44208 CVE-2016-2125 affecting package samba 4.18.3-2
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability (CNVD-2018-11847)
Red Hat JBoss RichFaces is an open source JSF (JavaServer Faces) component library from Red Hat, Inc. of the United States. The library provides built-in JavaScript and Ajax functionality. A security vulnerability exists in Red Hat JBoss RichFaces versions 4.5.3 through 4.5.17. A remote attack...