42 matches found
CVE-2026-44643 Angular Expressions - Remote Code Execution using filters
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...
CVE-2026-44643
CVE-2026-44643 affects the standalone Angular Expressions module used with AngularJS. Before version 1.5.2, an attacker can craft a malicious expression using filters that escapes the sandbox and leads to arbitrary code execution on the system. The vulnerability is fixed in 1.5.2. Affected descri...
CVE-2026-25349
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS. This issue affects Loobek: from n/a through 1.5.2...
EUVD-2026-15664
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS. This issue affects Loobek: from n/a through 1.5.2...
CVE-2026-25349
CVE-2026-25349 is a Reflected XSS in the Loobek WordPress theme (Loobek) affecting versions from n/a up to before 1.5.2. The CVE is rated with a CVSSv3.1 base score of 7.1 (HIGH), indicating network-attackable, low complexity, with no privileges required and user interaction required. The Wordfen...
CVE-2026-25349 WordPress Loobek theme < 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS. This issue affects Loobek: from n/a through 1.5.2...
PT-2026-27910
Name of the Vulnerable Software and Affected Versions: skygroup Loobek versions prior to 1.5.2 Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, potentially leading to reflected cross-site scripting (XSS). This allows an attacker to inje...
Linux Distros Unpatched Vulnerability : CVE-2017-9106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. adnsrrinfo mishandles a bogus datap. The general pattern for formatting integers is to sprintf into a fixed-size...
Linux Distros Unpatched Vulnerability : CVE-2017-9108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r,...
Linux Distros Unpatched Vulnerability : CVE-2022-45693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) vi...
Linux Distros Unpatched Vulnerability : CVE-2020-1957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. CVE-2020-195...
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admincustomlanguagereturnurl before redirecting users to it, leading to an open redirect issue...
WordPress plugin Smart Maintenance Mode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-12682 Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2025-4925 · Unknown · Rsvpmaker Volunteer Roles
Name of the Vulnerable Software and Affected Versions: RSVPMaker Volunteer Roles versions 1.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject malicious...
SUSE CVE-2020-3996
Velero prior to 1.4.3 and 1.5.2 in some instances doesn't properly manage volume identifiers which may result in information leakage to unauthorized users...
PT-2023-7010 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.2 Description: The issue allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. This is possible due to an LDAP injection vulnerability via the dnam...
phpIPAM SQL injection vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A SQL injection vulnerability exists in phpIPAM versions prior to 1.5.2. An attacker exploits this vulnerability to perform SQL injection attacks...
SUSE CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
PT-2023-19092 · Unknown · Go-Unixfsnode
Name of the Vulnerable Software and Affected Versions: go-unixfsnode versions prior to 1.5.2 Description: The issue is caused by a bogus fanout parameter in the HAMT directory nodes, which can lead to panics and virtual memory leaks when trying to read malformed HAMT sharded directories. If...