14 matches found
@cognigy/cognigy-cli (>=1.9.7 <=2.2.7), @maderelevant/n8n-nodes-helicone-v2 (=0.0.1) +25 more potentially affected by CVE-2026-27795 via @langchain/community (>=1.0.0 <=1.1.16)
@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.1.0, =0.2.0, =0.20.0, =0.21.0, =0.0.16, =1.4.13, =1.0.1, =1.0.24, =1.0.0, =3.1.0, =0.3.0, =0.3.1 and more Source cves: CVE-2026-27795 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15354988...
WordPress A Simple Multilanguage Plugin plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Multilanguage Plugin versions = 1.0...
Exploit for CVE-2025-34152
⚠️ CVE-2025-34152 – Shenzhen Aitemi M300 Wi-Fi Repeater RCE...
CVE-2025-8719
The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘baselang’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Comment Date and Gravatar remover 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Ebook Downloader SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-5013 · Mailchimp · Import Users To Mailchimp
Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
WordPress plugin Utech World Time 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
PT-2024-17595 · WordPress · Post To Pdf
Name of the Vulnerable Software and Affected Versions: Post to Pdf plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gmptp single post' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-49607
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0...
WordPress plugin Nice Backgrounds 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Flat UI Button Plugin 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Flat UI Button Type Plugin Vulnerable versions 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10014 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 35d97ede67c1 Credits Francesco Carlucci Required...
WordPress TT Custom Post Type Creator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software TT Custom Post Type Creator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34430 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0c53513c230b Credits alfido osdie Patchstack Allian...
PT-2006-2914 · Unknown · Green Minute
Name of the Vulnerable Software and Affected Versions: Green Minute versions 1.0 and earlier Description: Multiple SQL injection vulnerabilities in userscript.php allow remote attackers to execute arbitrary SQL commands via the huserid, pituus, or date parameters. The vendor has disputed this...