28 matches found
Schneider Electric PowerChute Serial Shutdown < 1.5 Multiple Vulnerabilities (SEVD-2026-104-01)
The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.5. It is, therefore, affected by multiple vulnerabilities, including: - An improper limitation of a pathname to a restricted directory vulnerability exists that could cause critical files to be...
CVE-2025-48090
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...
GHSA-M3F2-XJGC-2WP2 Drupal JSON Field is vulnerable to XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...
CVE-2025-10926
CVE-2025-10926 affects the Drupal JSON Field module (before 1.5). The vulnerability arises from improper input neutralization during page generation, enabling Cross-Site Scripting (XSS). Affected: JSON Field module prior to 1.5. Impact: XSS risk on pages rendering JSON Field content. Remediation:...
Linux Distros Unpatched Vulnerability : CVE-2025-32807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for...
CVE-2024-40113
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials...
CVE-2019-13564
XSS exists in Ping Identity Agentless Integration Kit before 1.5...
FusionDirectory security vulnerability
FusionDirectory is an open source application. It is used to secure your identity management. A security vulnerability exists in FusionDirectory versions prior to 1.5 that stems from a path traversal that could lead to reading arbitrary files...
CVE-2024-9149
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5...
CVE-2024-9149 SQLi in Wind Media's E-Commerce Website Template
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5...
Intel Extension for Transformers path traversal vulnerability
Intel Extension for Transformers is an extension program from Intel Corporation USA. A path traversal vulnerability exists in Intel Extension for Transformers versions prior to 1.5. An attacker can exploit this vulnerability to elevate privileges...
CVE-2023-6673
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5...
CVE-2023-6676
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
Easy!Appointments authorization vulnerability
Easy!Appointments is a web-based appointment and schedule management system. An authorization vulnerability exists in Easy!Appointments versions prior to 1.5.0, which an attacker can exploit to gain higher-level privileges or the ability to view sensitive data...
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2020-27149
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed...