19 matches found
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions <= 5.4.4...
CVE-2026-39712
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection. This issue affects tagDiv Composer: from n/a through <= 5.4.3...
CVE-2026-28103
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows Reflected XSS. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.5...
CVE-2026-25368
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1...
CVE-2025-67919
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice Core: from n/a through <= 5.4.30...
CVE-2025-68056 WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4...
CVE-2025-43939
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
EUVD-2025-37010
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
PT-2024-27581
Name of the Vulnerable Software and Affected Versions Woffice Core versions through 5.4.8 Description A Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS. Recommendations For versions through 5.4.8, update to a version later than 5.4.8 to resolve the issue. At...
PT-2024-25860 · Veritas · Netbackup Appliance +1
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.4 NetBackup Appliance versions prior to 5.4 Description: A vulnerability was discovered in the Alta Recovery Vault feature, allowing a NetBackup administrator to modify the expiration of backups under...
NULL Pointer Exception bug that can be used by a remote attacker
handleipv6IpForwarding in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. Products Confirmed Not Affected Brocade Fabri...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
SUSE CVE-2017-10197
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: Folios. The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality OPERA 5...
CVE-2022-25952
Cross-Site Request Forgery CSRF vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress...
CVE-2020-23249
GigaVUE-OS GVOS 5.4 - 5.9 stores a Redis database password in plaintext...
PT-2019-10253 · Pulse Secure · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 8.3R2 and earlier Pulse Policy Secure PPS versions 5.4RX and earlier Description: A cross-site scripting XSS issue was discovered in Psaldownload.cgi. This issue affects Pulse Secure products. Recommendations...
Nagios XI Operating System Command Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. An operating system command injection vulnerability exists in Nagios XI version 5.2.x and version 5.4.x pri...
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter...
CVE-2017-3552
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Room Image/Picture Setup. Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows...