28 matches found
Astra Linux – Vulnerability in exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...
CVE-2026-49057
The CVE-2026-49057 entry concerns the WordPress JobSearch plugin (≤ 3.2.7) with Unauthenticated Broken Access Control. Concrete details found: affected software/product is WordPress JobSearch plugin; vulnerable component/condition is broken access control without authentication; impact is describ...
WordPress Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress plugin <= 1.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress versions = 1.2.7...
UTT HiPER 1250GW 缓冲区错误漏洞
UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...
CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...
CVE-2026-32573 WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.7...
PT-2026-24547
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reload preview function. This makes it possible for...
GHSA-V8JM-5VWX-CFXM DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
CVE-2025-63011
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...
CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...
CVE-2025-61859
CVE-2025-61859 (V-SFT) affects FUJI Electric V-SFT, specifically VS6ComFile!CItemDraw::is_motion_tween in versions 6.2.7.0 and earlier. The vulnerability is an out-of-bounds write, which opening specially crafted V-SFT files can cause information disclosure, ABEND, and arbitrary code execution. P...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions = 5.2.7...
WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-58249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. CVE-2024-58249 Note that Nessus relies o...
CVE-2022-26585
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...
PT-2025-16426 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.14 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise the Oracle iSupplier Portal, resulting in unauthorized access to critical data or...
WordPress WP Tabs plugin < 2.2.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Tabs versions 2.2.7...
CVE-2024-13815
The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...