343 matches found
SQL Injection
Overview ghost is a publishing platform Affected versions of this package are vulnerable to SQL Injection in the the slug filter ordering logic in the Content API. An attacker can access and read arbitrary data from the database by injecting crafted SQL queries through the filter parameter in API...
CVE-2026-23743
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...
CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...
CVE-2026-1257
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-1257
CVE-2026-1257 affects the WordPress Administrative Shortcodes plugin (versions
WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability
Authenticated Contributor+ Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...
PT-2026-4588
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get template part functio...
CVE-2019-12434
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure...
EUVD-2025-198120
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...
CVE-2025-12174
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...
WordPress Directorist plugin <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability
Missing Authorization to Authenticated Subscriber+ Data Export and Slug Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Directorist versions = 8.5.2...
EUVD-2025-117474
Malicious code in concerned-purple-slug npm...
EUVD-2025-117191
Malicious code in only-tomato-slug npm...
Malicious code in latin_slug_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9588bd5298ae71d3e6ffa2fd6e153a8c2fd654a4b0a6a9604e58439ad26149b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in voluntary_slug_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cec595ac9ae7dfc1b37c7e19efe674523a37d35b42ec7643cfa52cbd738b5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130130 Malicious code in silky_slug_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75d4ec88866f4d08ca5b0047db14094b7b2b3c6ceaefedb60eb5687cc439f52c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-93888
Malicious code in yabberingslugz3n npm...
EUVD-2025-95123
Malicious code in seriousslugz3n npm...