704 matches found
CVE-2023-34185
Cross-Site Request Forgery CSRF vulnerability in John Brien WordPress NextGen GalleryView plugin = 0.5.5 versions...
CVE-2022-43461
Stored Cross-Site Scripting XSS vulnerability in John West Slideshow SE plugin = 2.5.5 versions...
CVE-2022-41554
Stored Cross-Site Scripting XSS vulnerability in John West Slideshow SE plugin = 2.5.5 versions...
CVE-2025-47590
CVE-2025-47590 describes a CSRF vulnerability in WordPress WPSpeed up to version 2.6.5. The available data indicate a CSRF flaw that could enable unauthorized actions on behalf of an authenticated user (attack vector: CSRF; user interaction required per CVSS 3.1 vector). The CVE entry lists a mod...
Malicious code in @johndeere-tech/eslint-plugin-timbercloud-custom-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61308d7848e55b8e455ca17307d037a12cbcb121760bacc64d9f8b574c08861d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-46465
Cross-Site Request Forgery CSRF vulnerability in John Weissberg Print Science Designer print-science-designer allows Stored XSS.This issue affects Print Science Designer: from n/a through = 1.3.155...
CVE-2025-46465
CVE-2025-46465 : A CSRF flaw in WordPress Print Science Designer (versions up to and including 1.3.155) can lead to stored XSS. Affected product: Print Science Designer plugin; root cause is CSRF that enables injecting stored scripts. Public details in the CVE entry identify the vulnerability typ...
MimeTeX 安全漏洞
MimeTeX is an image converter from the individual developer John Forkosh. A security vulnerability exists in versions prior to MimeTeX v1.77, which stems from specially crafted scripts that lead to the execution of arbitrary code...
CVE-2025-32671
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through = 1.3.155...
CVE-2025-32671
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through = 1.3.155...
CVE-2025-32671 WordPress Print Science Designer plugin <= 1.3.155 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through = 1.3.155...
PT-2025-16096 · Unknown · John Weissberg Print Science Designer
Name of the Vulnerable Software and Affected Versions: John Weissberg Print Science Designer versions 1.3.155 and earlier Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This allows for Path Traversal, which can...
CVE-2025-32166 WordPress Emma for WordPress plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3...
CVE-2025-26909
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through = 5.4.01...
CVE-2025-26909
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through = 5.4.01...
CPDF 安全漏洞
CPDF is a PDF command line tool from the individual developer John Whitington. A security vulnerability exists in CPDF 2.8 and earlier versions, which stems from allowing the use of a stack through a carefully crafted PDF document...
CVE-2024-56015
CVE-2024-56015 concerns a CSRF vulnerability in the Tidy Up WordPress plugin by John Godley that enables a reflected XSS. Public details in the connected Red Hat entry describe the issue as a CSRF vulnerability that allows reflected XSS, affecting versions from unknown public release up to 1.3. T...
Canadian Man Arrested in Snowflake Data Extortions
A 25-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. Image: https://www.pomerium.com/blog/the-real-lessons-from-the-snowflake-breach On October 30, Canadian authorities arrested...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
WordPress Login As Users plugin <= 1.4.2 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by John Blackbourn Patchstack Alliance in WordPress Plugin Login As Users versions = 1.4.2...