CVE-2025-14037

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...

CVE-2025-57757

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

Projectworlds Online Examination System 安全漏洞

Projectworlds Online Examination System is an online examination system from Projectworlds India. A security vulnerability exists in Projectworlds Online Examination System v1.0, which stems from an SQL injection vulnerability in the subject parameter of the feed.php page...

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible...

CVE-2019-25012

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...