25 matches found
EUVD-2026-37054
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
CVE-2026-40793
Subscriber Broken Access Control in Groundhogg 4.4.1 versions...
WordPress Contact Form 7 Multi-Step Forms plugin <= 4.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form 7 Multi-Step Forms versions <= 4.4.1...
CVE-2026-31955
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The League: from n/a through <= 4.4.1...
N2W security vulnerability
N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.3.2 and 4.4.1 contained security vulnerabilities. These vulnerabilities were due to deceptive vulnerabilities, which could lead to remote code execution and theft of account credentials...
CVE-2026-25368
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1...
CVE-2026-25368 WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
CVE-2025-13731
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2025-34788
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...
CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
Juniper Security Director security vulnerability
Juniper Security Director is a centralized management platform for security devices from Juniper USA. A security vulnerability exists in Juniper Security Director version 24.4.1 that stems from an authorization gap and could lead to the disclosure of sensitive information...
WordPress CM Tooltip Glossary plugin <= 4.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin CM Tooltip Glossary versions <= 4.4.1...
WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Elevio versions <= 4.4.1...
PT-2024-29584
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.4.1. Description: A ReDoS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...
WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-44137
creationtimestamp | type | source
---|---|---
2022-12-30 07:13:38+00:00 | seen | https://t.me/cibsecurity/55544
2025-04-11 22:51:21+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11495...
Gluu code issue vulnerability
Gluu is a cloud-hosted identity platform from the US-based Gluu organization. A security vulnerability exists in Gluu Oxauth versions prior to v4.4.1, which can be exploited by an attacker to perform a server-side request forgery (SSRF) attack via a crafted requesturi parameter...