5 matches found
PT-2026-45903
Name of the Vulnerable Software and Affected Versions: Vinyl Cache versions prior to 9.0.1; Varnish Cache versions prior to 9.0.3 Description: A deficiency in HTTP/2 request parsing allows for backend request desync attacks, also known as request smuggling. This occurs when the frontend and backend...
CVE-2025-14705
A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilize...
PT-2025-1845 · WordPress · Compare Products For Woocommerce
Name of the Vulnerable Software and Affected Versions: Compare Products for WooCommerce plugin for WordPress versions up to, and including, 3.2.1 Description: The issue is related to Reflected Cross-Site Scripting via the s feature parameter due to insufficient input sanitization and output...
PT-2024-37967 · WordPress · Dynamic Featured Image
Name of the Vulnerable Software and Affected Versions: Dynamic Featured Image plugin for WordPress versions up to, and including, 3.7.0 Description: The issue is related to Stored Cross-Site Scripting via the dfiFeatured parameter due to insufficient input sanitization and output escaping. This...
Password Storage Application Cross-Site Scripting Vulnerability
Password Storage Application is a password storage application by the individual developer Carlo Montero. Version 1.0 of Password Storage Application contains a security vulnerability that allows an attacker to carry out multiple cross-site scripting attacks via the Name, Username, Description, and Site...