17 matches found
PT-2026-46317
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
WordPress WP ULike plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP ULike versions <= 5.0.1...
CVE-2023-53917
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames...
CVE-2025-67560
Public technical details about CVE-2025-67560 are not provided in the given documents; no confirmed affected products, root cause, or fixes are disclosed here. Monitor for updates.
CVE-2025-67560 WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Listdom: from n/a through <= 5.0.1...
Security update for 7zip (moderate)
openSUSE Security Update: Security update for 7zip Announcement ID: openSUSE-SU-2025:0339-1 Rating: moderate References: 1246706 1246707 1249130 Cross-References: CVE-2025-53816 CVE-2025-53817 CVSS scores: CVE-2025-53816 SUSE: 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...
CVE-2020-19263
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit...
Digiwin ERP code issue vulnerability
Digiwin ERP is an e-commerce platform from China Dingxin Digiwin. A code issue vulnerability exists in Digiwin ERP version 5.0.1, which originates from an unrestricted upload and could lead to a remote attack...
WordPress plugin AN_GradeBook SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Akeneo PIM Development Repository code injection vulnerability
Akeneo PIM Development Repository is an Akeneo open source repository. It is used to develop Akeneo PIM products. A code injection vulnerability exists in Akeneo PIM Development Repository versions prior to v5.0.119 and v6.0.53, which originates from a code injection vulnerability that could all...
OpenEMR code issue vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A remote code execution vulnerability exists in OpenEMR 5.0.1. An attacker can exploit this vulnerability to upload and execute malicious PHP scripts via /controller.php...
PT-2020-15509 · Jenkins · Jenkins Warnings Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Plugin versions 5.0.1 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to execute arbitrary code. This issue arises because the plugin does not require POST requests for a form...
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server, resulting in a denial of service.
...
Linux kernel memory leak vulnerability (CNVD-2019-31644)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory leak vulnerability exists in register_queue_kobjects in net/core/net-sysfs.c in versions of Linux kernel prior to 5.0.1. An attacker could exploit this...
GHSA-2P78-8HH6-96XC feedparser Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
PYSEC-2011-19
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration...
PT-2009-4041 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, and 7 Description: The issue allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption. Recommendations: For Microsoft Internet...