5 matches found
CVE-2026-14475
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter
The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-6991
A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...
Fedora 43 : singularity-ce (2025-d3cd3e7cf0)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d3cd3e7cf0 advisory. Upgrade to 4.3.6 upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-49572)
BaserCMS is an open source enterprise-level content management system cms. BaserCMS 4.3.6 and earlier versions of contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree. A cross-site scripting vulnerability exists in the js component. An...