558 matches found
WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...
CVE-2026-9010
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-7637
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
CVE-2026-7637
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
EUVD-2026-31045
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
CVE-2026-7637
The CVE-2026-7637 entry concerns the Boost plugin for WordPress (versions up to and including 2.0.3). The vulnerability is a PHP Object Injection via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. It requires no authenticated privileges and no user interaction. The ...
EUVD-2026-31044
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-9010
The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...
CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
CVE-2026-9010
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...
PT-2026-42102
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...
WordPress plugin Boost 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
PT-2026-42100
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...
EUVD-2025-209517
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with...
Dell PowerProtect Data Domain 安全漏洞
Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Security vulnerabilities exist in versions 7.7.1.0 to 8.5 of Dell PowerProtect Data Domain BoostFS, as well as in versions 8.3.1.0 to...
obfuscate_xss_detection_boosting_
No d...
[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...