7 matches found
PT-2025-52547
Name of the Vulnerable Software and Affected Versions: Flex Store Users plugin for WordPress versions prior to 1.1.1. Description: The Flex Store Users plugin for WordPress is susceptible to privilege escalation. Unauthenticated attackers can register with the 'administrator' role during registratio...
CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
SUSE CVE-2015-6772
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
Authorization
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstugetmetadata that...
UBUNTU-CVE-2015-6772
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
chromium-browser: Cross-origin bypass in DOM
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
Authentication flaw
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction...