21 matches found

Patchstack
added 2026/05/13 10:53 a.m. · 7 views

WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions <= 2.5.4...

7.2 CVSS · 5.8 AI score · 0.00215 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2026/04/10 4:16 p.m. · 1 views

DEBIAN-CVE-2026-34480

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) producing invalid XML output whenever a log message or M...

7.5 CVSS · 5.3 AI score · 0.00034 EPSS
Exploits: 0 · References: 1
OSV
added 2026/04/10 4:16 p.m. · 2 views

UBUNTU-CVE-2026-34480

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) producing invalid XML output whenever a log message or M...

7.5 CVSS · 5.7 AI score · 0.00034 EPSS
Exploits: 0 · References: 8
ATTACKERKB
added 2026/04/08 8:30 a.m. · 2 views

CVE-2026-39641

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery. This issue affects Blackfyre: from n/a through <= 2.5.4...

5.9 AI score · 0.00017 EPSS
Exploits: 0 · References: 2
Cvelist
added 2026/04/08 8:30 a.m. · 18 views

CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery. This issue affects Blackfyre: from n/a through <= 2.5.4...

6.5 CVSS · 0.00017 EPSS
Exploits: 0 · References: 1
OSV
added 2026/02/16 10:16 a.m. · 2 views

CVE-2026-0999

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

4.3 CVSS · 5.5 AI score
Exploits: 0 · References: 1
Github Security Blog
added 2025/12/10 6:30 p.m. · 6 views

Jenkins has a Denial of service vulnerability in HTTP-based CLI

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...

7.5 CVSS · 6.8 AI score · 0.00178 EPSS
Exploits: 0 · References: 5 · Affected Software: 2
OSV
added 2025/11/08 10:15 a.m. · 4 views

CVE-2025-12092

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

6.5 CVSS · 7.4 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2025/11/08 12:0 a.m. · 2 views

PT-2025-45563

Name of the Vulnerable Software and Affected Versions: CYAN Backup plugin for WordPress versions through 2.5.4 Description: The CYAN Backup plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. This is...

6.5 CVSS · 7.6 AI score · 0.01609 EPSS
Exploits: 0 · References: 6
CVE
added 2025/09/22 6:24 p.m. · 6 views

CVE-2025-58019

CVE-2025-58019 affects the Search Atlas SEO metasync used by the WordPress Search Atlas SEO plugin. It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation, as described in the initial document. The issue affects Search Atlas SEO versio...

6.5 CVSS · 5.9 AI score · 0.00081 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:40 a.m. · 3 views

CVE-2023-0735

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4...

6.5 CVSS · 6.6 AI score · 0.00153 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/29 12:0 a.m. · 1 views

PT-2024-33625 · Unknown · Latex2Html

Name of the Vulnerable Software and Affected Versions: LaTeX2HTML versions n/a through 2.5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For versio...

7.1 CVSS · 5.8 AI score · 0.00238 EPSS
Exploits: 0 · References: 5
Patchstack
added 2024/08/26 9:26 a.m. · 1 views

WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JobSearch versions <= 2.5.4...

9.8 CVSS · 7 AI score · 0.00381 EPSS
Exploits: 0 · Affected Software: 1
CNNVD
added 2024/06/09 12:0 a.m. · 2 views

WordPress plugin DELUCKS SEO security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/05/15 12:0 a.m. · 1 views

KeePass security vulnerability

KeePass is an open source password manager. A security vulnerability exists in version 2.x prior to KeePass 2.54 that stems from the ability to recover plaintext master passwords from a memory dump even if the workspace is locked or no longer running...

7.5 CVSS · 7.7 AI score · 0.76477 EPSS
Exploits: 5 · References: 4
PyPA
added 2022/12/22 2:15 a.m. · 5 views

PYSEC-2022-43004

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4...

6.5 CVSS · 6.7 AI score · 0.00047 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2021/01/27 12:0 a.m. · 1 views

Vmware Spring Cloud Data Flow SQL Injection Vulnerability

Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...

7.2 CVSS · 6.6 AI score · 0.01047 EPSS
Exploits: 0 · References: 2
CNVD
added 2018/09/06 12:0 a.m. · 1 views

BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)

XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...

6.1 CVSS · 5.9 AI score · 0.00154 EPSS
Exploits: 1 · References: 1
Japan Vulnerability Notes
added 2014/02/26 6:23 a.m. · 1 views

Cybozu Garoon vulnerable to SQL injection

Overview: Cybozu Garoon contains a SQL injection vulnerability. Note that this vulnerability is different from JVN91153528. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact: A user w...

6.5 CVSS · 7.7 AI score · 0.00448 EPSS
Exploits: 0 · References: 5
Circl
added 2009/03/23 12:0 a.m. · 1 views

CVE-2009-2311

creationtimestamp | type | source
---|---|---
2009-03-23 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/8254...

7.5 CVSS · 5.8 AI score · 0.00276 EPSS
Exploits: 1 · References: 1