CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

PT-2026-35814

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save settings of the file /admin/index.php?page=save settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit...

CVE-2023-4027

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesettings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings...

Tenda AX-3 安全漏洞

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the shareSpeed parameter...

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

CVE-2025-60548

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings...

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

WordPress plugin TopBar 跨站请求伪造漏洞

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

EUVD-2025-24012

Malicious code in bioql PyPI...

EUVD-2023-40200

Malicious code in bioql PyPI...

EUVD-2024-2301

Malicious code in bioql PyPI...

PT-2025-32378 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The Easy Hosting Control Panel EHCP contains a SQL injection issue via the id parameter in the Change Settings function. Recommendations: As a temporary workaround, consider...

CVE-2025-50928

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...

CVE-2025-50928

CVE-2025-50928 affects Easy Hosting Control Panel EHCP v20.04.1.b. The vulnerability is a SQL injection via the id parameter in the Change Settings function. The CVSS v3.1 base vector indicates: AV:N, AC:H, PR:N, UI:N, S:U, C:L, I:L, A:N, with a base score of 4.8 (Medium). Public detail in connec...

CVE-2025-50928

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...

CVE-2023-46510

An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...

CVE-2025-3563

A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attac...

CVE-2024-6281

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

CVE-2024-57575

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...

WordPress plugin Responsive FlipBook Plugin Wordpress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...