12 matches found
Exposed Dangerous Method or Function
Overview: webpack-dev-server uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...
EUVD-2026-20402
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
CVE-2026-39701 WordPress ShopWP plugin <= 5.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
PT-2025-47700
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient...
SUSE CVE-2019-2523
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
PT-2022-20050 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 5.2.4 and earlier Description: A broken access control issue has been identified in the profile endpoint. This allows an attacker to change their registered e-mail address and API key, despite this action not being possible...
MingSoft Mcms Code Issue Vulnerability
MingSoft Mcms is a complete open source J2EE system from MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of file restrictions and filters in the New Template module of the software, leading to an arbitrary file upload vulnerability that can be exploite...
CVE-2020-14699
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...
UBUNTU-CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
Oracle VM VirtualBox Access Control Error Vulnerability (CNVD-2019-27297)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...
Multiple Cross-Site Scripting Vulnerabilities in Fortinet FortiManager (CNVD-2015-07355)
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and managemen...