CVE-2026-25025 WordPress VikRestaurants plugin <= 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS.This issue affects VikRestaurants: from n/a through = 1.5.2...

CVE-2026-24598

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

CVE-2025-67629

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through = 1.5.2...

WordPress Basticom Framework plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Basticom Framework versions = 1.5.2...

PT-2025-52115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes OnLeash onleash allows PHP Local File Inclusion.This issue affects OnLeash: from n/a through = 1.5.2...

WordPress Community Events plugin <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions = 1.5.2...

EUVD-2023-50057

Malicious code in bioql PyPI...

EUVD-2025-24910

Malicious code in bioql PyPI...

EUVD-2023-1283

Malicious code in bioql PyPI...

WordPress CM Business Directory plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin CM Business Directory versions = 1.5.2...

CVE-2025-24285

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...

CVE-2025-24285

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...

Linux Distros Unpatched Vulnerability : CVE-2021-3139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing...

CVE-2025-54728 WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Replace: from n/a through = 1.5.2...

CVE-2025-54703

Cross-Site Request Forgery CSRF vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through = 1.5.2...

CVE-2024-29816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2...

CVE-2023-1782

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

WordPress Flipdish Ordering System plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nabil Irawan in WordPress Plugin Flipdish Ordering System versions = 1.5.2...

WordPress plugin Bit Assist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

CVE-2024-5526

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery SSRF...