21 matches found
CVE-2026-57642
Contributor SQL Injection in Gallery = 4.7.8 versions...
EUVD-2026-39757
Contributor SQL Injection in Gallery = 4.7.8 versions...
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...
CVE-2025-63059
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through = 4.7.8...
CVE-2025-54737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...
CVE-2025-54737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...
CVE-2025-54737 WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...
CVE-2025-54737
CVE-2025-54737 describes a Reflected XSS in NooTheme Jobmonster/noo-jobmonster due to improper input neutralization during web page generation, affecting WordPress Jobmonster theme
WordPress plugin Jobmonster 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions = 4.7.8...
WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jobmonster versions = 4.7.8...
SUSE-SU-2025:0723-1 Security update for vim
This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command bsc1229685. - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer bsc1229822. - CVE-2024-45306: heap buffer...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.478 and earlier and LTS 2.462.2 and earlier, which stems from a failed...
CVE-2024-7781
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a...
CVE-2023-44993
Cross-Site Request Forgery CSRF vulnerability in QuantumCloud AI ChatBot plugin = 4.7.8 versions...
WordPress plugin AI ChatBot cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-47880
creationtimestamp| type| source ---|---|--- 2023-05-12 18:27:09+00:00| seen| https://t.me/cibsecurity/64023...