15 matches found
CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
CVE-2026-9620
CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...
WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...
CVE-2025-53444
Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...
CVE-2025-53444
The CVE describes a Cross‑Site Request Forgery (CSRF) vulnerability in the DeluxeThemes WordPress Userpro plugin prior to version 5.1.11, allowing CSRF exploitation. Affected software: WordPress Userpro plugin (pre-5.1.11). Root cause details are not expanded in the provided documents beyond the ...
CVE-2026-39647
Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress...
EUVD-2026-10137
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.11.0...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414665 advisory. A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if scosockgetsockopt function in net/bluetooth/sco.c do not have a sanity check fo...
CVE-2024-57412
An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service DoS via repeatedly sending crafted TCP packets...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
CVE-2023-47716
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656...
PT-2021-2432 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.6 Description: The issue is related to the rtw wx set scan function in the Linux kernel, which allows writing beyond the end of the -ssid array. This can lead to a buffer overflow in memory. The exploitation...
dayrui FineCms 'checktitle' Function Cross-Site Scripting Vulnerability
dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'checktitle' function in the controllers/member/api.php file in version 5.0....