PT-2026-46323

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

PT-2026-46351

Unauthenticated Local File Inclusion in Abelle = 1.22 versions...

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

EUVD-2023-35547

Malicious code in bioql PyPI...

CVE-2025-10212

The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...

CVE-2025-10212 SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure

The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...

@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)

nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...

com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +95 more potentially affected by CVE-2024-3656 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.4)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =2.7.4-24.0 and more Source cves: CVE-2024-3656 Source advisory: OSV:GHSA-2CWW-FGMG-4JQC...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

CVE-2023-31232

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in David Artiss Plugins List plugin = 2.5 versions...

CVE-2023-31232

CVE-2023-31232: WordPress Plugins List plugin (≤ 2.5) is vulnerable to stored XSS (admin+). Root cause involves insufficient escaping in plugin output (e.g., replace_plugin_list_tags). Impact and exploitability are described in connected sources as admin-privileged, stored XSS with potential risk...

Plugins List < 2.5.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software Plugins List Type Plugin Vulnerable versions = 2.5 Fixed in 2.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31232 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aa0ba87f0fd0 Credits Yuki Haruma Required privile...

com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-40705 via soap:soap (>=2.3 <=2.3.1)

soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-40705 Source advisory: OSV:GHSA-JQ8C-J47C-VVWM...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34174 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34174 Source advisory: OSV:GHSA-9GRJ-J43M-MJQR...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10406 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10406 Source advisory: OSV:GHSA-HW55-F8WC-82M6...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2013-7330 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2013-7330 Source advisory: OSV:GHSA-H5JV-HG68-MJHG...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1186 more potentially affected by CVE-2014-9634 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.585)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2014-9634 Source advisory: OSV:GHSA-G7CF-WG27-QW87...