68 matches found
PT-2026-35373
Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description A flaw in the resolveClass function of AbstractIoBuffer allows a bypass of the classname allowlist for...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.10 - Reflected Cross-Site Scripting via className vulnerability discovered by Deadbee - NA in WordPress Plugin WP RSS Aggregator versions = 5.0.10...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375
CVE-2025-14375 concerns the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging.” Reports consistently describe a Reflected Cross-Site Scripting vulnerability via the className parameter in versions up to and including 5.0.10, arising from insufficient input ...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2025-28448
Malicious code in bioql PyPI...
Prototype Pollution
Overview parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution via the initializeState function. An attacker can cause a denial of service by injecting malicious properties in...
Malicious code in tailwind-classname-overrides (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 778af8e6403754b5650e5c08f6d16458ed8399f7cb2886350369e04ac242e07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview tailwind-classname-overrides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-47104 Malicious code in tailwind-classname-overrides (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 778af8e6403754b5650e5c08f6d16458ed8399f7cb2886350369e04ac242e07f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-6255
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-6255
CVE-2025-6255 affects the WordPress plugin Dynamic AJAX Product Filters for WooCommerce . Root cause: insufficient input sanitization and output escaping in the className parameter, enabling Stored Cross‑Site Scripting . Affected versions: all up to and including 1.3.7 . Impact: authenticated att...
CVE-2025-6255 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-34969
Name of the Vulnerable Software and Affected Versions: Dynamic AJAX Product Filters for WooCommerce plugin for WordPress versions prior to 1.3.8 Description: The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting via the className...
CVE-2025-5754 Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Pre-School Enrollment System add-class.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...
CVE-2025-6320
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The explo...