4 matches found
CVE-2026-44502
Bugsink (self-hosted error tracking) has an SSRF bypass vulnerability in the webhook URL validation (validate_webhook_url) affecting versions before 2.1.3. The root cause is a mismatch between Python URL parsing (urllib.parse.urlparse) and the HTTP client stack (requests/urllib3) for malformed in...
Drupal Login Disable security vulnerability
Drupal Login Disable is an extension module for the Drupal content management system designed to restrict or disable user login functionality. Versions of Drupal Login Disable prior to 2.1.3 contained a security vulnerability; this vulnerability stemmed from using alternative paths or channels to...
PT-2025-5478 · Webtoffee · Webtoffee Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: WebToffee Wishlist for WooCommerce versions prior to 2.1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
CVE-2023-45069
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1...