32 matches found
CVE-2026-5436 MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's path_join — a function that...
CVE-2026-39863
CVE-2026-39863 affects the Kamailio core (formerly OpenSER/SER). Prior to versions 5.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core allows remote attackers to cause a denial of service via a specially crafted data packet sent over TCP. Impact is on Kamailio instances with TCP or TLS ...
WordPress RSS Aggregator by Feedzy plugin <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions <= 5.1.1...
CVE-2025-58260 WordPress Highlight and Share – Social Text and Image Sharing plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS. This issue affects Highlight and Share: from n/a through <= 5.1.1...
BlueSpice Security Vulnerability
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...
PT-2024-29025 · Joomla · Hikashop
Name of the Vulnerable Software and Affected Versions: HikaShop Joomla Component versions prior to 5.1.1 Description: A stored cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload in the...
Craft CMS Security Vulnerability
Craft CMS is an open source content management system (CMS) from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0 through 5.1.1 that stems from the presence of a stored cross-site scripting vulnerability...
Jpress Path Traversal Vulnerability
Jpress is a blogging platform developed by Jpress team using Java language. A path traversal vulnerability exists in Jpress version 5.1.1 and earlier versions, which stems from a path traversal vulnerability in /admin/template/edit...
WordPress Plugin UserPro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
VulnCheck KEV: CVE-2023-2437
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
PT-2023-20812 · Unknown · Efr32 Bluetooth Le Stack
Name of the Vulnerable Software and Affected Versions: EFR32 Bluetooth LE stack versions 5.1.0 through 5.1.1 Description: A memory leak in the EFR32 Bluetooth LE stack allows an attacker to send an invalid pairing message, causing future legitimate connection attempts to fail. The error is...
SUSE CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...
Laurent Rineau CGAL Input Validation Error Vulnerability
CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C++ libraries. A code execution vulnerability exists in CGAL libcgal CGAL-5.1.1 version, which can be exploited by an attacker to craft a badly formatted file...
CVE-2021-36789
The datednews aka Dated News extension through 5.1.1 for TYPO3 allows SQL Injection...
PT-2021-7602 · Cgal +1 · Cgal Libcgal +1
Name of the Vulnerable Software and Affected Versions: CGAL libcgal version 5.1.1 Description: The issue exists in the Nef polygon-parsing functionality of CGAL libcgal. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code executio...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41166)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 5.2 and prior to 5.1.1. An attacker can exploit the vulnerability to bypass authorization...
CVE-2017-13243
An information disclosure vulnerability in the Android system ui. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991...
CVE-2017-13159
An information disclosure vulnerability in the Android system activitymanagerservice. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772...
CVE-2017-13154
An elevation of privilege vulnerability in the Android media framework libstagefright. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573...