601 matches found
BIT-MONGODB-2025-11979 Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior
An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...
CVE-2025-12186
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12186
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
EUVD-2025-201361
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-12186
CVE-2025-12186 (Weekly Planner WordPress plugin) is a stored XSS vulnerability affecting Weekly Planner versions up to 1.0. The flaw arises from insufficient input sanitization and output escaping in admin/settings, enabling authenticated attackers with administrator-level privileges (including m...
WordPress plugin Weekly Planner 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
PT-2025-49224
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...
Siemens SIMATIC S7-1500 Divide By Zero (CVE-2019-16168)
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a severe division by zero in the query planner. This plugin only works with Tenable.ot. Please visit...
CVE-2025-11891
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
EUVD-2025-60975
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
EUVD-2025-60977
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11891
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-11891
CVE-2025-11891 : Shelf Planner (WordPress) up to version 2.7.0 exposes log files publicly, enabling unauthenticated access to sensitive information. Several connected sources (Wordfence, Patchstack, PT Security, CVE listings) corroborate the flaw and patch status. Patch available: Shelf Planner s...
CVE-2025-11891 Shelf Planner <= 2.8.1 - Unauthenticated Information Exposure via Log Files
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-11891 Shelf Planner <= 2.7.0 - Unauthenticated Information Exposure via Log Files
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...