10 matches found

Nuclei
added yesterday, 16 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

CVSS 8.8, AI score 8.2, EPSS 0.20235
Exploits: 3, References: 2
Vulnrichment
added 2025/12/12 5:1 a.m., 1 views

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVSS 6.1, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 2
NVD
added 2025/08/26 11:15 p.m., 2 views

CVE-2025-57820

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

CVSS 7.9, EPSS 0.00181
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2015-5206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a differe...

CVSS 10, AI score 8.1, EPSS 0.01903
Exploits: 0, References: 2
Patchstack
added 2024/11/19 7:33 a.m., 4 views

WordPress MailPoet plugin < 5.3.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MailPoet versions 5.3.2...

CVSS 6.1, AI score 6.1, EPSS 0.00173
Exploits: 1, References: 1, Affected Software: 1
GithubExploit
added 2023/05/31 2:12 a.m., 34 views

Exploit for Unrestricted Upload of File with Dangerous Type in Rocklobster Contact_Form_7

wpCVE-2020-35489checker CVE-2020-35489 - Introduction T...

CVSS 10, AI score 8.4, EPSS 0.88014
Exploits: 4
SUSE CVE
added 2023/02/15 3:31 a.m., 1 views

SUSE CVE-2022-3474

A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...

CVSS 5.1, AI score 5.7, EPSS 0.0005
Exploits: 0, References: 3
ATTACKERKB
added 2021/09/21 4:49 p.m., 1 views

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

CVSS 6.1, AI score 5.4, EPSS 0.00238
Exploits: 1, References: 3
CNVD
added 2020/01/06 12:0 a.m., 2 views

FusionForge Information Disclosure Vulnerability

FusionForge is a set of team collaboration development tools. The product includes features such as online communication, bug tracking and project management. A security vulnerability exists in FusionForge versions prior to 5.3.2. An attacker can exploit the vulnerability to access private data o...

CVSS 5.9, AI score 6.8, EPSS 0.00326
Exploits: 0, References: 1
CNVD
added 2018/07/03 12:0 a.m., 2 views

Phusion Passenger SpawningKit Information Disclosure Vulnerability

Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. SpawningKit is one of the components. A security vulnerability exists in SpawningKit in version 5.3.x of Phusion Passenger prior to 5.3.2. An attacker could...

CVSS 8.8, AI score 8.5, EPSS 0.00275
Exploits: 0, References: 1