73 matches found

Nuclei
added yesterday, 23 views

Give WP Plugin < 3.19.0 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...

4.8 CVSS, 7.2 AI score, 0.0078 EPSS
Exploits: 1, References: 2
Nuclei
added yesterday, 52 views

WordPress GiveWP <2.17.3 - Cross-Site Scripting

WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the...

6.1 CVSS, 6.4 AI score, 0.02145 EPSS
Exploits: 2, References: 5
Vulnrichment
added 2026/06/15 1:15 a.m., 6 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5 CVSS, 7 AI score, 0.00292 EPSS
Exploits: 0, References: 5
EUVD
added 2026/06/15 1:15 a.m., 10 views

EUVD-2026-36679

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5 CVSS, 7.1 AI score, 0.00292 EPSS
Exploits: 0, References: 5
NVD
added 2026/05/11 10:22 p.m., 22 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4 CVSS, 0.00158 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/11 9:25 p.m., 8 views

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/11 9:25 p.m., 20 views

CVE-2026-42188

CVE-2026-42188 (Geyser SSRF) : A server-side request forgery vulnerability exists in Geyser’s handling of Bedrock player head textures. Before version 2.9.3, a crafted Base64-encoded skin texture URL supplied via the /give command can cause the Minecraft server to issue arbitrary HTTP GET request...

2.4 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/11 9:25 p.m., 11 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/05/11 12:0 a.m., 7 views

Geyser code issue vulnerability

Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery when processing texture data for players’ heads in Minecraft. This allowed attackers...

2.4 CVSS, 6 AI score, 0.00158 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/29 12:0 a.m., 3 views

PT-2026-35901

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through = 4.14.5...

5.3 CVSS, 5.1 AI score, 0.00191 EPSS
Exploits: 0, References: 1
Patchstack
added 2026/04/21 3:41 p.m., 6 views

WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by HuajiHD in WordPress Plugin GiveWP versions <= 4.14.2...

5.8 AI score, 0.00175 EPSS
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2002-1005

Malware in sbrugna...

4.6 CVSS, 6.4 AI score, 0.01625 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-4394

Malicious code in bioql PyPI...

5.8 CVSS, 8.7 AI score, 0.00304 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in give-advice-10th (npm)

The package give-advice-10th was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 4 views

MAL-2025-21496 Malicious code in give-advice-10th (npm)

The package give-advice-10th was found to contain malicious code...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 9:25 a.m., 3 views

CVE-2024-3714

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on use...

6.4 CVSS, 6 AI score, 0.00283 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/05/01 1:7 p.m., 26 views

CVE-2025-37760 mm/vma: add give_up_on_oom option on modify/merge, use in uffd release

In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release. Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it...

0.00157 EPSS
Exploits: 0, References: 3
CVE
added 2025/05/01 1:7 p.m., 83 views

CVE-2025-37760

Technical details about CVE-2025-37760 are not provided in the supplied connected documents. No affected product/version or fix is specified here. Monitor for updates.

5.5 CVSS, 6.6 AI score, 0.00157 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/05/01 1:7 p.m., 7 views

CVE-2025-37760 mm/vma: add give_up_on_oom option on modify/merge, use in uffd release

In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release. Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it...

5.5 CVSS, 6.1 AI score, 0.00157 EPSS
Exploits: 0, References: 6
Patchstack
added 2025/03/18 7:46 a.m., 4 views

WordPress Give plugin <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability

Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability discovered by mikemyers in WordPress Plugin GiveWP versions <= 3.22.0...

7.5 CVSS, 8.8 AI score, 0.00583 EPSS
Exploits: 1, References: 1, Affected Software: 1