30 matches found
CVE-2026-15292
The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-64152
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...
CVE-2026-49454
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...
CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...
SUSE CVE-2026-42264
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...
ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.28) +12 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)
org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...
CVE-2025-36243
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
WordPress Solutions Ad Manager plugin <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability
Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin Solutions Ad Manager versions = 1.0.0...
CVE-2025-27909 IBM Concert Software cross-origin resource sharing
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing CORS which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains...
VulnCheck KEV: CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
PT-2024-36108 · WordPress · Wprealizer Unlock Addons For Elementor
Name of the Vulnerable Software and Affected Versions: WPRealizer Unlock Addons for Elementor versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows DOM-Based XSS. This is a...
cn.tenmg:flink-connector-sqlserver-cdc-log (=1.0.0), com.ascentstream.pulsar:pulsar-io-debezium-mssql (>=2.10.6.9 <=2.10.7.4-SNAPSHOT-35e64fa) +28 more potentially affected by CVE-2023-1419 via io.debezium:debezium-connector-sqlserver (>=1.0.0.Final <=2.2.1.Final)
io.debezium:debezium-connector-sqlserver MAVEN version =1.0.0.Final, =2.10.6.9, =2.2.0, =0.1.0, =0.4.1, =2.9.0-candidate-4, =0.1.0, =1.0.0, =1.0.0, =1.0.0-CR2, =3.1.0, =3.1.0, =3.1.0, =3.6.0-2.2 and more Source cves: CVE-2023-1419 S...
PT-2024-33469 · WordPress · Wp Rest Api Fns
Name of the Vulnerable Software and Affected Versions: WP REST API FNS versions 1.0.0 and earlier Description: There is an Authentication Bypass Using an Alternate Path or Channel issue in WP REST API FNS, allowing users to bypass authentication. This lets users gain unauthorized access...
WordPress SafetyForms Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software SafetyForms Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-49615 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 8ae3175dd1dc Credits João Pedro S Alcântara Kinorth Requir...
PT-2024-39845 · Zowe · Zowe
Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...
PT-2024-37503 · Unknown · Lahirudanushka School Management System
Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue was found in the lahirudanushka School Management System, affecting the Parent Page component, specifically the file parent.php. The manipulati...
School-Management-System SQL Injection Vulnerability
School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0 and 1.0.1, which stems from a parameter email in the file login.php that can lead to SQL injection...
PT-2024-14124 · Unknown · Universal Passport Rx
Name of the Vulnerable Software and Affected Versions: UNIVERSAL PASSPORT RX versions 1.0.0 through 1.0.8 Description: A cross-site scripting issue exists, which may allow a remote authenticated attacker with administrative privileges to execute an arbitrary script on the user's web browser...
PT-2024-31553
Name of the Vulnerable Software and Affected Versions Business Card WordPress plugin versions 1.0.0 and earlier Description The issue concerns a lack of CSRF checks in certain areas, allowing attackers to potentially make logged-in users perform unwanted actions, such as editing card categories v...
PT-2024-22731 · Tablesome · Tablesome
Name of the Vulnerable Software and Affected Versions: Table & Contact Form 7 Database – Tablesome versions 1.0.0 through 1.0.27 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS, which c...