11 matches found
WordPress plugin Duplicate Page and Post SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2025-65103 OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in ...
EUVD-2025-31261
Malicious code in bioql PyPI...
CVE-2025-60143 WordPress Netgsm plugin <= 2.9.69 - Broken Access Control vulnerability
Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through <= 2.9.69...
WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin NotificationX (versions <= 2.9.5)...
HTMLy Security Vulnerability
HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in HTMLy version v2.9.5, which stems from the presence of a stored cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to execute arbitrary web script or HTML code by injecting a...
PT-2020-6581
Name of the Vulnerable Software and Affected Versions: Ansible versions 2.7.16 and prior; Ansible versions 2.8.8 and prior; Ansible versions 2.9.5 and prior. Description: A flaw was found in Ansible: when a password is set with the argument password of the svn module, it is used on the svn command line...
Piwigo Cross-Site Scripting Vulnerability (CNVD-2019-32000)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options (categories, tags, time) and more. A cross-site scripting vulnerability exists in admin.php?page=notificationbymail in Piwigo version 2.9.5. The vulnerabili...
libxml2 parser.c File Denial of Service Vulnerability
libxml2 is a C-based library for parsing XML documents, developed by the GNOME project team, which supports multiple encoding formats, XPath parsing, and well-formedness and validity checking. A denial of service vulnerability exists in the parser.c file in versions of libxml2 prior to 2.9.5, which stems from...
UBUNTU-CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...