7744 matches found
CVE-2026-49468
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...
CVE-2026-49468
LiteLLM is a proxy server (AI Gateway) for calling LLM APIs. A host-header parsing flaw could allow authentication bypass by making the auth gate evaluate a different route than dispatched, effectively bypassing access controls under specific conditions. The issue is mitigated by upgrading to 1.8...
CVE-2017-20268
Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...
CVE-2017-20268
Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...
CVE-2017-20268 Joomla! Component Zap Calendar Lite 4.3.4 SQL Injection
Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...
CVE-2017-20268
The CVE covers Joomla! component Zap Calendar Lite 4.3.4, where an SQL injection via the eid parameter allows unauthenticated attackers to execute arbitrary SQL queries. Attack vectors include sending crafted GET requests to the RSVP endpoint to extract sensitive information, such as database nam...
EUVD-2017-18995
Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...
CVE-2026-2021
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
CVE-2026-2021
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
EUVD-2026-37868
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
CVE-2026-2021
The CVE concerns the WordPress Slideshow Gallery LITE plugin (versions
CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
CVE-2026-10029 Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints
The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...
CVE-2026-10029
The vulnerability CVE-2026-10029 concerns the WordPress plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets. Affected are all versions up to and including 1.3.13.1. The root cause is a Sensitive Information Exposure via the plugin’s get_events endpoint, allowing unauthent...
WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions = 1.8.5...
WordPress Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Umut Can Yurdayardım in WordPress Plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets versions = 1.3.13.1...
CVE-2026-8494
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-37210
CVE-2024-37210 concerns WordPress AliExpress Dropshipping with AliNext Lite plugin
Malicious code in telegram-lite-grabber (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad489fe689e441f3237d052bb24702e3178fca26564e662b060c0a8d01fe5f9 Package is named 'telegram-lite-grabber', a name strongly suggestive of a tool intended to harvest Telegram credentials or session data. No concrete...
CVE-2026-8494
CVE-2026-8494 concerns the WordPress plugin Permalink Manager Lite (affected versions up to 2.5.3.3). The issue is a Stored Cross-Site Scripting (XSS) flaw in the admin URI Editor interface, triggered by crafted post titles due to insufficient output escaping. Affected condition requires an attac...