15 matches found
CVE-2026-1672
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...
CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...
PT-2026-31290
Name of the Vulnerable Software and Affected Versions The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net versions up to and including 1.1.5 Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPre...
Unity Linux 20.1070e Security Update: vim (UTSA-2026-006137)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006137 advisory. Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen...
CLSA-2026-1767712744 vim: Fix of 2 CVEs
CVE-2025-22134: correctly reset the visual mode before opening other windows and buffers - CVE-2025-24014: skip the redraw attempt that accesses an unallocated variable...
In consistent parameters settings can break the business logic
Lines of code Vulnerability details Impact The usual business logic of the raffle should be that: If a user wins a raffle, he can always claim the NFT before a redraw can be initialized. However, the settings parameters can be set to inconsistent so that a winner may not be able to claim the NFT...
Draw organizer can rig the draw to favor certain participants such as their own account.
Lines of code Vulnerability details Description In RandomDraw, the host initiates a draw using startDraw or redraw if the redraw draw expiry has passed. Actual use of Chainlink oracle is done in requestRoll: request.currentChainlinkRequestId = coordinator.requestRandomWords keyHash:...
Bad actor can burn VRFCoordinatorV2 LINK's balance
Lines of code Vulnerability details Impact All VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and LINK fees are deducted from this smart contract. There are a couple of issues that may be exploited by malicious actor to overinflate calls to VRF and in lead to griefing, e.g. B...
In case the winner is the address(0)
Lines of code Vulnerability details Impact Temporary freezing NFT this can be more than one period Proof of Concept On VRFNFTRandomDraw.fulfillRandomWords 254 request.currentChosenTokenId = 255 randomWords0 % tokenRange + 256 settings.drawingTokenStartId; In case ownerOfrequest.currentChosenToken...
Stack-based Buffer Overflow in function win_redr_ruler
Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...
CVE-2018-8710
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
Remote code execution
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
BigTree CMS 'redraw-field.php' Cross-Site Scripting Vulnerability
BigTree CMS is an open source content management system. A cross-site scripting vulnerability exists in BigTree CMS 'redraw-field.php'. An attacker could exploit the vulnerability to execute arbitrary script code in a user's browser while browsing the affected site to steal cookie-based...
Security fix for the ALT Linux 5 package xpdf version 3.01-alt2pl1
Dec. 7, 2005 Victor Forsyuk 3.01-alt2pl1 - Security fix CAN-2005-3193. - Updated japanese and korean support packages. - Fix allocation size for 64bit architecture. - Fix to don't use freetype internals. - Apply upstream patch to fix resize/redraw...