EUVD-2026-34995

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

CVE-2026-11464

JeecgBoot v3.9.2 and earlier are affected by CVE-2026-11464. The vulnerability is in the User List Endpoint, specifically the function queryPageList in SysUserController.java. Manipulating the salt argument leads to information disclosure. The issue can be triggered remotely and is described as h...

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

CVE-2026-9008 Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

CVE-2026-9008

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

EUVD-2026-34939

The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...

CVE-2026-9008

CVE-2026-9008 affects the Page-list WordPress plugin (versions up to 6.2). The pagelist_unqprfx_ext_shortcode() function for the [pagelist_ext]/[pagelistext] shortcodes accepts attacker-controlled post_status, post_type, and show_meta_key attributes and passes them into get_pages() and get_post_m...

PT-2026-47124

Name of the Vulnerable Software and Affected Versions Page-list plugin for WordPress versions prior to 6.3 Description Missing authorization occurs in the pagelist unqprfx ext shortcode function, specifically within the 'pagelist ext' and 'pagelistext' shortcodes. The function accepts...

WordPress plugin Page-list 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Page-list plugin <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by darkmode in WordPress Plugin Page-list versions = 6.2...

CVE-2026-23386

In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates numbufs times and attempts to unmap entries in the dma array...

EUVD-2025-205494

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

EUVD-2019-5370

Malware in sbrugna...

EUVD-2024-42418

Malicious code in bioql PyPI...

EUVD-2025-25749

Malicious code in bioql PyPI...

EUVD-2025-30609

Malicious code in bioql PyPI...

CVE-2025-58030

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through = 5.8...

CVE-2025-58030

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through = 5.8...

WordPress Page-list Plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Page-list versions = 5.8...