23 matches found
WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...
Improper Certificate Validation
Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Improper Certificate Validation in the ldap process. An attacker can intercept authentication credentials and modify LDAP responses by performing a man-in-the-middle attack...
CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
EUVD-2026-20771
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...
PT-2026-31565
Name of the Vulnerable Software and Affected Versions Agions taskflow-ai versions through 2.1.8 Description A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...
MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
CVE-2025-53470
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...
CVE-2025-13405
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptbdeletecustomtaxonomy function in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with Subscriber-lev...
EUVD-2025-33849
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-57938
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Booking: from n/a through = 1.9.2...
WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions = 1.8...
CVE-2024-47090
CVE-2024-47090 affects Nagvis prior to version 1.9.47 and allows an XSS via the WYSIWYG editor (improper input neutralization). Connected sources confirm Debian/Debian LTS advisory DLA-4233-1 fixes this issue in Debian 11 with Nagvis package 1:1.9.25-2+deb11u2. The Nessus entry also references an...
CVE-2020-21147
RockOA V1.9.8 is affected by a cross-site scripting XSS vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...
WordPress Trash Duplicate and 301 Redirect plugin <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin Trash Duplicate and 301 Redirect versions = 1.9...
CVE-2024-13225
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-24696 WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP Attire Attire Blocks allows Cross Site Request Forgery. This issue affects Attire Blocks: from n/a through 1.9.6...
WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Shabbos and Yom Tov versions = 1.9...
WordPress Stylish Internal Links plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Zlrqh Patchstack Alliance in WordPress Plugin Stylish Internal Links versions = 1.9...
WordPress plugin TFO Graphviz 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-27126 · Unknown · Phpscriptpoint Recipepoint
Name of the Vulnerable Software and Affected Versions: phpscriptpoint RecipePoint version 1.9 Description: A critical issue was found in phpscriptpoint RecipePoint, affecting an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking...