49 matches found
EUVD-2026-39745
Contributor Cross Site Scripting (XSS) in StatCounter = 2.1.1 versions...
PT-2026-44744
Name of the Vulnerable Software and Affected Versions: WP Maps Pro versions prior to 6.1.1. Description: The WP Maps Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to create administrator accounts and achieve complete site takeover. The issue stems from a temporary acces...
PT-2026-42916
A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...
NPM: FlowiseAI: Vector Store No Permission Checks
NPM: FlowiseAI: Vector Store No Permission Checks vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
PT-2026-31126
CVE-2026-39487 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL https://t.co/fl64XWhsLE… https://t.co/SLjDDfvUPc...
SUSE CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2023-45108
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin = 2.1.1 versions...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
CVE-2025-49952
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through = 4.2.5...
EUVD-2018-6582
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-3845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of...
CVE-2021-24492
The hndtstactioninstancecallback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL...
CVE-2024-12735
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...
CVE-2025-43569
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-46480 WordPress Nepali Post Date plugin <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date nepali-post-date allows Stored XSS. This issue affects Nepali Post Date: from n/a through <= 5.1.1...
CVE-2025-26739
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS. This issue affects newseqo: from n/a through 2.1.1...
CVE-2025-27101
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...
CVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...