12 matches found
a-beta-scalekit (>=3.0.1 <=4.0.2), a-data-processing (=0.0.1) +2399 more potentially affected by CVE-2026-26013 via langchain-core (>=0.0.1 <=1.2.1)
langchain-core PYPI version =0.0.1, =3.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.0.1a5 and more Source cves: CVE-2026-26013 Source advisory: OSV:GHSA-2G6R-C272-W58R...
PT-2025-45549
Name of the Vulnerable Software and Affected Versions Smart Auto Upload Images versions prior to 1.2.1 Description The Smart Auto Upload Images plugin for WordPress is affected by a flaw related to missing file type validation during the auto-image creation process. This allows authenticated...
CVE-2025-60214
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection. This issue affects Goldenblatt: from n/a through 1.3.0...
CVE-2025-48103
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS. This issue affects Today's Date Inserter: from n/a through = 1.2.1...
CVE-2025-46238
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1...
PT-2024-36771 · Coupon · Coupon
Name of the Vulnerable Software and Affected Versions: Coupon versions 1.2.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into th...
PT-2024-16772 · WordPress · Bne Gallery Extended
Name of the Vulnerable Software and Affected Versions: BNE Gallery Extended plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-34311 · David Garcia · Domain Sharding
Name of the Vulnerable Software and Affected Versions: David Garcia Domain Sharding versions 1.2.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36892 more potentially affected by CVE-2024-38809 via org.springframework:spring-web (>=1.2.1 <=5.3.37)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-38809 Source advisory: OSV:GHSA-2RMJ-MQ67-H97G...
PT-2023-19551 · Unknown · Wesecur Security Plugin
Name of the Vulnerable Software and Affected Versions: WeSecur Security plugin versions 1.2.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For WeSecur Security plugin versions...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +15194 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=1.2.1 <=5.2.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =4.4.0.0, =0.1.6, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.1.1, =j8.2.3.0, =j8.2.3.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
PT-2020-15502 · Jenkins · Jenkins Elastest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasTest Plugin versions 1.2.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Recommendations: For Jenkins ElasTest Plugin...