30 matches found
OESA-2026-2836 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
CVE-2026-57642
Contributor SQL Injection in Gallery = 4.7.8 versions...
CVE-2026-34886
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003439)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003439 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...
WordPress Team Rosters plugin <= 4.7 - Reflected Cross-Site Scripting via 'tab' vulnerability
Reflected Cross-Site Scripting via 'tab' vulnerability discovered by vgo0 in WordPress Plugin Team Rosters versions = 4.7...
xunruicms 代码问题漏洞
xunruicms is a website builder framework for XunRuiCMS individual developers. A code issue vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter v in the file admin79f2ec220c7e.php, which could lead to server-side request forgery...
CVE-2025-54737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...
WordPress plugin Jobmonster 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Mist 代码注入漏洞
Mist is the official command line interface to the makedeb package repository, a makedeb open source. A code injection vulnerability exists in Mist Community Edition 4.7.1 and earlier versions, which originates from a cross-site scripting attack in the parameter returnto in the file...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...
WordPress FoodBakery plugin <= 4.7 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by Lucio Sá in WordPress Plugin FoodBakery versions = 4.7...
PT-2025-1813 · WordPress · Team Rosters
Name of the Vulnerable Software and Affected Versions: Team Rosters plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin YML for Yandex Market 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-27393 · Unknown · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager versions n/a through 4.71 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal attacks...
WordPress Plugin Tagembed 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-12035 · Unknown · All In One Favicon
Name of the Vulnerable Software and Affected Versions: All In One Favicon versions through 4.7 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows an attacker to access files or directories...
CVE-2023-44993
Cross-Site Request Forgery CSRF vulnerability in QuantumCloud AI ChatBot plugin = 4.7.8 versions...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1222 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts (>=4.7.0 <=4.9.1)
@openzeppelin/contracts NPM version =4.7.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34459 Source advisory: OSV:GHSA-WPRV-93R4-JJ2P...
NetApp SnapCenter 安全漏洞
NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter version 4.7 up to and including version 4.7P2 and version 4.8 up to and includin...