19 matches found
CVE-2026-54847
The CVE-2026-54847 entry concerns the WordPress plugin “Stylish Cost Calculator” (versions
CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
CVE-2026-28104 WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004297 advisory. In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003671 advisory. A memory leak in the sofdfsentrywrite function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...
CVE-2025-15475 PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the checkpayhereresponse function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...
CVE-2025-64119
A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9...
EUVD-2025-204069
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through = 2.3.9...
CVE-2025-64258
CVE-2025-64258 concerns the WordPress plugin Follow My Blog Post (versions
EUVD-2025-30558
Malicious code in bioql PyPI...
EUVD-2025-30573
Malicious code in bioql PyPI...
CVE-2025-60161
CVE-2025-60161: ZoloBlocks (ZoloBlocks plugin)
CVE-2025-58230 WordPress ZoloBlocks plugin <= 2.3.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bdthemes ZoloBlocks zoloblocks allows DOM-Based XSS.This issue affects ZoloBlocks: from n/a through = 2.3.12...
CVE-2023-51516
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9...
WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin BizPrint versions = 4.3.39...
PT-2022-6004 · Adobe · Campaign
Name of the Vulnerable Software and Affected Versions: Adobe Campaign versions 7.3.1 and earlier Adobe Campaign versions 8.3.9 and earlier Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A low-privilege...
snipe-it 安全漏洞
Snipe-IT is an open source IT asset/license management system. security vulnerability exists in Packagist snipe/snipe-it versions prior to 5.3.9, which stems from improper privilege management. No details of the vulnerability are currently available...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2019-16513)
Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States Cisco Cisco company's set of audio and video conferencing server software. A denial of service vulnerability exists in Session Initiation Protocol SIP call processing in Cisco Meeting Server CMS versions...
PT-2008-1076 · Apple +1 · Cups +1
Name of the Vulnerable Software and Affected Versions: CUPS versions 1.3.9 and earlier cups-devel version 1.2.4 cups-libs version 1.2.4 cups-lpd version 1.2.4 cups version 1.2.4 Description: The issue allows local users, and possibly remote attackers, to cause a denial of service by adding a larg...