WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin SMS Alert Order Notifications versions = 3.8.8...

EUVD-2025-198942

Malicious code in @posthog/ingestion-alert-plugin npm...

Malicious code in @posthog/ingestion-alert-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8eecfada0b8b32fc4e69b17399fba304ef75a1cf7ad1e2fabbf1eabdd10a5c The package @posthog/ingestion-alert-plugin was found to contain malicious code. Source: google-open-source-security...

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...

CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...

CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...

PT-2023-18386 · WordPress · Seo Alert Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: SEO ALert WordPress plugin versions 1.59 and earlier Description: The SEO ALert WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=5.2.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=5.1.2) +3 more potentially affected by CVE-2023-41045 via org.graylog2:graylog2-server (>=5.1.0 <=5.1.2)

org.graylog2:graylog2-server MAVEN version =5.1.0, =5.1.0, =5.1.0, =5.1.13 Source cves: CVE-2023-41045 Source advisory: OSV:GHSA-G96C-X7RH-99R3...

Apache DolphinScheduler Input Validation Error Vulnerability

Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to an input validation error in Apache DolphinScheduler, which stems from incorrect validation of the script alert plugin parameter. No detailed vulnerability...

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

PYSEC-2023-4

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions...

CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

CVE-2022-45875

Apache DolphinScheduler (CVE-2022-45875) is affected by improper validation of script alert plugin parameters, allowing remote command execution. The issue affects 3.0.1 and earlier, and 3.1.0 and earlier; authenticated users who can log in to DolphinScheduler could exploit it. CVSSv3.1 base scor...

Apache DolphinScheduler 输入验证错误漏洞

Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to an input validation error in Apache DolphinScheduler, which stems from incorrect validation of the script alert plugin parameter. No detailed vulnerability...

PT-2023-14788 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.1 and prior versions Apache DolphinScheduler versions 3.1.0 and prior versions Description: The issue is related to improper validation of script alert plugin parameters in Apache DolphinScheduler, which c...

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-70735)

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin, which stems from a cross-site scripting XSS vulnerability in the settings page of the SMS Alert Order Notifications...