24 matches found
WordPress plugin Inquiry Form to Posts or Pages cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SourceCodester Employee Task Management System SQL injection vulnerability
SourceCodester Employee Task Management System is an open-source employee task management system developed by SourceCodester. Versions of the SourceCodester Employee Task Management System prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from the handling of the Da...
PHPGurukul Student Record Management System code injection vulnerability
PHPGurukul Student Record Management System is a student record management system developed by PHPGurukul Corporation. Versions of the PHPGurukul Student Record Management System prior to 1.0 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameter...
CVE-2026-24807
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...
CVE-2026-1465
CVE-2026-1465 affects anyRTC-RTMP-OpenSource (before 1.0) via improper restriction of operations within the bounds of a memory buffer in third_party/faad2-2.7/libfaad modules (bits.C, syntax.C). Red Hat, NVD, OSV and CVE lists describe it as a heap-based buffer over-read/overflow in tildearrow/fu...
EUVD-2026-4715
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource thirdparty/faad2-2.7/libfaad modules. This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0...
PT-2026-4875
Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
WordPress plugin CSV Sumotto cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-44938
Name of the Vulnerable Software and Affected Versions: Bootstrap Multi-language Responsive Portfolio versions prior to 1.0 Description: The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input...
Linux Distros Unpatched Vulnerability : CVE-2019-1010083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data...
PT-2025-33467 · WordPress · Inpersttion For Theme
Name of the Vulnerable Software and Affected Versions: Inpersttion For Theme plugin for WordPress versions prior to 1.0 Description: The Inpersttion For Theme plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 1.0 via the theme section shortcode function...
PT-2025-4511 · Kentothemes · Kentothemes Justified Image Gallery
Name of the Vulnerable Software and Affected Versions: KentoThemes Justified Image Gallery versions prior to 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For...
WordPress Plugin iframe forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Interactive SVG Image Map Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-10125 · Agnivade · Easy-Scrypt
Name of the Vulnerable Software and Affected Versions: agnivade easy-scrypt versions prior to 1.0.0 Description: A vulnerability was found in agnivade easy-scrypt, affecting the VerifyPassphrase function of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexit...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
libyang resource management error vulnerability (CNVD-2020-10241)
libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A resource management error vulnerability exists in the 'yyparse' function in versions of libyang prior to 1.0-r1. An attacker can exploit this vulnerability to cause an...
DEBIAN-CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
PT-2020-1242 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r3 Description: A NULL pointer dereference issue is present in the lys_extension_instances_free function due to a copy of unresolved extensions in lys_restr_dup. This can cause applications that use libyang to...