Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Silentium — HackTheBox Writeup Platform: HackTheBox...

EUVD-2026-23935

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

CVE-2026-39665

The CVE describes a DOM-Based XSS vulnerability in the WordPress plugin SEO Friendly Images (seo-image) by Vladimir Prelovac, affecting versions from n/a up to 3.0.5. Root cause: Improper neutralization of input during web page generation. Impact stated across sources as cross-site scripting acce...

Linux Distros Unpatched Vulnerability : CVE-2026-24122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires befo...

CVE-2023-49148

Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2025-32676 WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects Verowa Connect: from n/a through = 3.0.5...

CVE-2024-37486

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5...

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

PT-2022-24569 · WordPress · The Car Dealer (Dealership)/Vehicle Sales Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Car Dealer Dealership and Vehicle sales WordPress Plugin versions prior to 3.05 Description: The issue is related to improper authorization and CSRF in an AJAX action. This allows any authenticated users, such as subscribers, to call the...

Firefox XSS vulnerabilities in SessionStore

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

PYSEC-2008-14

Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...