CVE-2026-2374 Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $_SERVER['PHP_SELF'] superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename($_SERVER['PHP_SELF']) in the...
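The mechanism above generalises beyond this plugin: PHP_SELF is built from the script path plus whatever extra path segments the client appended, and basename() only strips directory components, it does not neutralise HTML metacharacters. The following is an added example, not code from the plugin or from WordPress; it models PHP_SELF construction with string concatenation (an assumption about how the superglobal is assembled) and uses Python's posixpath.basename, which behaves like PHP's basename() for these inputs, to contrast the unsanitised value with an escaped one and with a server-controlled one.

```python
import html
import posixpath

# Constructed request fragments for illustration; the path-info payload is a
# generic HTML injection, not a reproduction of a specific advisory.
SCRIPT_NAME = "/wp-login.php"
BENIGN_PATH_INFO = ""
ATTACKER_PATH_INFO = "/<svg onload=alert(1)>"


def php_self_from_request(script_name: str, path_info: str) -> str:
    """Model of how PHP_SELF is assembled (assumption): the script path with
    any client-supplied extra path appended. The tail is attacker-controlled."""
    return script_name + path_info


def stored_value_unsafe(php_self: str) -> str:
    """What basename() leaves behind: directories are stripped, markup is not."""
    return posixpath.basename(php_self)


def stored_value_escaped(php_self: str) -> str:
    """Same derivation, but HTML-escaped before it can reach a page (the
    minimal fix for an attribute/body context)."""
    return html.escape(posixpath.basename(php_self), quote=True)


def stored_value_hardened(script_name: str) -> str:
    """Preferred fix: derive the value from a server-controlled source
    (here the script name without path info) and still escape it."""
    return html.escape(posixpath.basename(script_name), quote=True)


def contains_markup(value: str) -> bool:
    """Cheap check used below to show which variant is still dangerous."""
    return any(ch in value for ch in "<>\"'")


if __name__ == "__main__":
    php_self = php_self_from_request(SCRIPT_NAME, ATTACKER_PATH_INFO)
    print("PHP_SELF       :", php_self)
    print("after basename :", stored_value_unsafe(php_self))
    print("escaped        :", stored_value_escaped(php_self))
    print("hardened       :", stored_value_hardened(SCRIPT_NAME))
```

The point to take from the run is that basename() returns the injected segment verbatim; only escaping for the output context, or not trusting PHP_SELF in the first place, removes the markup.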
PT-2026-41592
A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...
CVE-2026-24343 Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.2 <=1.2.2), com.webank.wedatasphere.dss:dss-apiservice-server (>=1.1.2 <=1.2.2) +166 more potentially affected by CVE-2025-29847 via org.apache.linkis:linkis-common (>=1.3.0 <=1.8.0)
org.apache.linkis:linkis-common (Maven), affected range >=1.3.0 <=1.8.0; dependent com.webank.wedatasphere.dss packages in >=1.1.2 <=1.2.2, and more. Source CVEs: CVE-2025-29847. Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035881 (https://vulners.com/snyk...)
GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...
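The bypass described above is a general one: a check that URL-decodes its input once and then inspects it sees a still-encoded string, while the component that later consumes the value decodes it again. The following is an added example, not Apache Linkis code, and its denylist of JDBC URL parameters is hypothetical; it shows a single-decode check passing a double-encoded parameter, and a hardened check that decodes to a fixpoint and treats more than one encoding round as hostile (ordinary clients encode exactly once).

```python
from urllib.parse import unquote

# Hypothetical denylist of JDBC URL parameters an application might refuse;
# the names are illustrative, not the project's actual list.
FORBIDDEN_PARAMS = {"allowloadlocalinfile", "autodeserialize"}

# Constructed sample URLs. The third hides the first letter of the forbidden
# key behind two rounds of percent-encoding ("%2561" -> "%61" -> "a").
BENIGN = "jdbc:mysql://db.example.internal:3306/app?useSSL=true"
PLAIN = "jdbc:mysql://db.example.internal:3306/app?allowLoadLocalInfile=true"
DOUBLE = "jdbc:mysql://db.example.internal:3306/app?%2561llowLoadLocalInfile=true"


def query_of(url: str) -> str:
    """Everything after the first '?', lower-cased for a case-insensitive match."""
    return url.partition("?")[2].lower()


def contains_forbidden(url: str) -> bool:
    return any(p in query_of(url) for p in FORBIDDEN_PARAMS)


def naive_check(url: str) -> bool:
    """Vulnerable: decode once, then inspect. A second layer of encoding
    survives the single unquote() and is only resolved by a later consumer."""
    return not contains_forbidden(unquote(url))


def decode_to_fixpoint(value: str, max_rounds: int = 5) -> tuple[str, int]:
    """Decode until the string stops changing; return (final, rounds_needed).
    A bounded loop keeps a pathological input from spinning forever."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        value = decoded
        rounds += 1
    raise ValueError(f"input still changing after {max_rounds} decode rounds")


def hardened_check(url: str) -> bool:
    """Reject if the input needed more than one decoding round (multi-encoding
    is itself a bypass signal), then inspect the fully decoded form."""
    final, rounds = decode_to_fixpoint(url)
    if rounds > 1:
        return False
    return not contains_forbidden(final)


if __name__ == "__main__":
    for name, url in (("benign", BENIGN), ("plain", PLAIN), ("double", DOUBLE)):
        print(f"{name:7s} naive={naive_check(url)!s:5s} hardened={hardened_check(url)}")
```

Checking the fixpoint rather than the first decode is the durable fix; rejecting multi-encoded input outright is cheaper and avoids having to reason about how many times each downstream consumer decodes.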
CVE-2025-59355
Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...
PT-2026-1268
Name of the Vulnerable Software and Affected Versions: Brecht Custom Related Posts versions through 1.8.0. Description: A flaw exists in Brecht Custom Related Posts that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Upda...
CVE-2025-58896
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku (otaku) allows PHP Local File Inclusion. This issue affects Otaku: from n/a through <= 1.8.0...
CVE-2025-10694 User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_load_onboarding_wizard function in all versions up to, and including, 1.8.0. This makes it possibl...
CVE-2025-9551
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0...
WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by NumeX in WordPress Plugin Progress Planner versions <= 1.8.0...
EUVD-2025-24052
Malicious code in bioql PyPI...
WordPress Notely Plugin <= 1.8.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Notely versions <= 1.8.0...
CVE-2025-60149
CVE-2025-60149 affects Notely (WordPress plugin). Reported as Stored XSS due to Improper Input Neutralization during Web Page Generation. Affected: Notely versions up to 1.8.0. Required access: authenticated (Administrator+). Description and context come from the CVE entry and the Wordfence vulne...
Linux Distros Unpatched Vulnerability : CVE-2021-29476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6....
WordPress Otaku theme <= 1.8.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Otaku versions <= 1.8.0...
PT-2025-33423 · Linlinjava · Litemall
Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability was identified in linlinjava litemall. The issue affects an unknown functionality within the /admin/config/express file of the Business Logic Handler component. Manipulatio...
Janssen security vulnerability
Janssen is an open source user authentication component from the Janssen Project. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...
GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification
Impact. What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability with a large internal attack surface that exposes all sorts of information from the IDP...
Drupal security vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in the Drupal Diff module prior to version 1.8.0, which stems from an authorization error...