5 matches found
CVE-2026-15300
CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...
CVE-2026-46607
CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...
PT-2025-49933
Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...
XunRuiCMS Security Vulnerability
XunRuiCloud Software Development XunRuiCMS XunRuiCMS is an open source content management system CMS from China's XunRuiCloud Software Development Company. A security vulnerability exists in XunRuiCMS version v4.5.5, which was discovered to contain a Reflected Cross-Site Scripting XSS vulnerabili...
@antgineering-studio/strapi (=4.5.5), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2023-22621 via @strapi/plugin-email (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.5.5)
@strapi/plugin-email NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =4.2.0, =4.2.2, =0.0.1, =1.0.1, =0.1.1, =1.0.9, =0.0.1, =0.0.5 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...