24 matches found
CVE-2026-34033
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
EUVD-2026-30991
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...
CVE-2025-66101
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through = 2.0.1...
CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...
CVE-2025-62938
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through = 2.0.1...
CVE-2025-62938 WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through = 2.0.1...
WordPress Easy Plugin Stats plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Plugin Stats versions = 2.0.1...
EUVD-2021-21283
Malware in sbrugna...
CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...
PT-2025-34923 · Epeken · Epeken Kurir
Name of the Vulnerable Software and Affected Versions: epeken Epeken All Kurir versions through 2.0.1 Description: The software contains a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than...
PT-2025-34801 · Firecrawl · Firecrawl
Name of the Vulnerable Software and Affected Versions: Firecrawl versions prior to 2.0.1 Description: Firecrawl is a tool that converts websites into LLM-ready markdown or structured data. A server-side request forgery SSRF vulnerability exists in the webhook functionality of Firecrawl...
CVE-2025-39379
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Capturly Capturly capturly-optimize-your-website allows PHP Local File Inclusion.This issue affects Capturly: from n/a through = 2.0.1...
WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin all-in-one-box-login versions = 2.0.1...
PT-2024-10085 · Drupal · Download All Files
Name of the Vulnerable Software and Affected Versions: Download All Files versions 0.0.0 through 2.0.1 Description: The issue is related to a Missing Authorization vulnerability in the Download All Files module for the Drupal CMS, which allows for Forceful Browsing. This vulnerability can be...
PT-2024-29200 · WordPress · Pricing Table
Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax function. This allows unauthenticated attackers t...
CVE-2023-51680
Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1...
PT-2024-23446 · Unknown · Lordicon Animated Icons
Name of the Vulnerable Software and Affected Versions: Lordicon Animated Icons versions through 2.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inje...
PT-2024-10354 · Drupal · Node Access Rebuild Progressive
Name of the Vulnerable Software and Affected Versions: Node Access Rebuild Progressive versions 0.0.0 through 2.0.1 Node Access Rebuild Progressive version prior to 2.0.2 can be simplified to the above range, so it is omitted to avoid duplication. Description: The issue is related to improper...
CVE-2023-34033
A vulnerability in craigramsay Ajax Pagination and Infinite Scroll malinky-ajax-pagination.This issue affects Ajax Pagination and Infinite Scroll: from n/a through = 2.0.1...
PT-2022-19914 · Jetbrains · Jetbrains Ktor Native
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor Native version 2.0.0 Description: The SHA1 implementation was returning the same value, indicating a potential issue with the hashing function. This issue was resolved in a later version. Recommendations: For version 2.0.0,...