46 matches found
CVE-2026-41143
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
CVE-2026-41143
YesWiki contains an authenticated SQL injection in the bazar module, via id_fiche in EntryManager::formatDataBeforeSave() (code path: tools/bazar/services/EntryManager.php:704). The vulnerable query concatenates $_POST['id_fiche'] into SQL without sanitization, e.g. selecting MIN(time) from pages...
EUVD-2026-28312
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
Fedora 43 : wireshark (2025-0e41e63705)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e41e63705 advisory. New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be...
CVE-2025-13945
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...
PT-2025-48797
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.4.0 through 4.4.11 Wireshark versions 4.6.0 through 4.6.1 Description The MEGACO dissector in Wireshark contains an infinite loop that can lead to a denial of service. The issue is triggered by the improper handling of...
PT-2025-48234
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Wireshark 4.6.x < 4.6.1 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.1 advisory. - Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVE-2025-13499 Note that...
EUVD-2025-36121
Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
EUVD-2025-28026
Malicious code in bioql PyPI...
CVE-2024-9065
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whpsmtpsendmailtest' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any...
PT-2024-30853 · Unknown · Firsh Justified Image Grid
Name of the Vulnerable Software and Affected Versions: Firsh Justified Image Grid versions through 4.6.1 Description: A Server-Side Request Forgery SSRF issue affects Firsh Justified Image Grid, allowing for Server Side Request Forgery. Recommendations: For versions through 4.6.1, consider...
WordPress plugin Tournamatch security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15097 · Auth0 · Login By Auth0 Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Login by Auth0 plugin for WordPress versions up to, and including, 4.6.0 Description: The issue is related to Reflected Cross-Site Scripting via the wle parameter due to insufficient input sanitization and output escaping. This allows...
WordPress WordPress Plugin for Google Maps plugin <= 4.6.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Maps versions = 4.6.1...
CVE-2023-28512
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396...
Pixel & tonic Craft CMS Injection Vulnerability
Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic Inc. in the United States. An injection vulnerability exists in Craft CMS version 4.6.1, which stems from the system's use of an unselected volume of the asset element type to save feeds, and can be exploited by a remot...
CVE-2023-49823
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1...
WordPress plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...