WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin MW WP Form versions = 5.1.3...

EUVD-2025-208289

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...

CVE-2026-24732

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...

PT-2025-44712

Name of the Vulnerable Software and Affected Versions Employee Spotlight – Team Member Showcase & Meet the Team Plugin versions prior to 5.1.3 Description The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is susceptible to Stored Cross-Site Scripting through Socia...

novel-plus 安全漏洞

novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus 5.1.3 and earlier versions, which stems from the mishandling of the parameter sort/order in the user management module, which may lead to an SQL injection attack...

novel-plus 安全漏洞

novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus version 5.1.3 and earlier, which stems from a misbehavior of the function ajaxLogin that results in authentication bypass...

WordPress plugin Bold Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

ESP-IDF 安全漏洞

ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...

Silverstripe CMS GraphQL Server Security Vulnerability

Silverstripe CMS GraphQL Server is a tool that makes SilverStripe data available as a GraphQL representation. A security vulnerability exists in Silverstripe CMS GraphQL Server versions 4.x prior to 4.3.7 and 5.x prior to 5.1.3, which stems from the ability to bypass privilege checks...

VulnCheck KEV: CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

CVE-2023-50369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3...

SUSE-SU-2023:3778-1 Security update for wireshark

This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. bsc1214561 - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. bsc1214560 - CVE-2023-4513: Fixed a bug ...

SUSE CVE-2006-3018

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption...

SUSE CVE-2018-2842

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2022-4346

The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...

GHSA-6278-2Q4M-CMF3 ZK Framework vulnerable to malicious POST

ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

CVE-2022-27662

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...