18 matches found
EUVD-2026-20152
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through 7.0.00...
CVE-2026-39484
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through 7.0.00...
WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Or Benit in WordPress Plugin Hide My WP Ghost versions 7.0.00...
CVE-2025-32355
CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...
CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11
CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11. A patched version of the package is available...
PT-2025-49920
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS. This issue affects Shopkeeper Extender: from n/a through 7.0...
WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Site Reviews versions 7.2.5...
Drupal Loft Data Grids module < 7.x-2.7, < 7.x-3.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7, 7.x-3.0...
WordPress The Post Grid plugin < 7.5.0 - Editor+ Stored XSS via Grid Creation vulnerability
Editor+ Stored XSS via Grid Creation vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin The Post Grid versions 7.5.0...
AZL-35030 CVE-2023-48795 affecting package nmap for versions less than 7.93-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
PT-2023-24476 · Foswiki · Foswiki +1
Name of the Vulnerable Software and Affected Versions: Foswiki versions 2.1.7 and below. Description: An issue in the SpreadSheetPlugin component of Foswiki allows attackers to execute a directory traversal. Recommendations: For versions 2.1.7 and below, update to a version above 2.1.7 to resolve...
AZL-26736 CVE-2023-2700 affecting package libvirt for versions less than 7.10.0-5
A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's gautoptr cleanup...
SUSE CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
AZL-11046 CVE-2022-35252 affecting package curl for versions less than 7.86.0-1
When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
AZL-7049 CVE-2021-43896 affecting package powershell for versions less than 7.2.1-1
Microsoft PowerShell Spoofing Vulnerability...
PT-2020-6128 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB version 9.0 Enterprise Edition. Description: The issue is related to insufficient input validation in the Chadha PHPKB software. This allows a remote unauthenticated attacker to disclose local files on hosts running PHP versions...
CVE-2019-11657
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack...
AZL-6625 CVE-2017-3613 affecting package libdb for versions less than 5.3.28-7
Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...