18 matches found
EUVD-2026-37624
Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945). Tenable has extracted the preceding description block directly from the RockyLinux security...
Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.9.4
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.9.4 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.9.4 release that simplify the process of...
CVE-2025-67536
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS. This issue affects LearnPress: from n/a through = 4.2.9.4...
CVE-2025-8388
The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursorurl’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2021-37478
In NavigateCMS version 2.9.4 and below, function block is vulnerable to SQL injection on parameter block-order, which results in arbitrary SQL query execution in the backend database...
WordPress ListingPro theme <= 2.9.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme ListingPro versions <= 2.9.4...
WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme ListingPro versions <= 2.9.4...
PT-2024-23907 · Unknown · Aerin Loan Repayment Calculator/Application Form
Name of the Vulnerable Software and Affected Versions: aerin Loan Repayment Calculator and Application Form versions 2.9.4 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
SUSE CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
DEBIAN-CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2022-33934
Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields...
PT-2023-11358 · Unknown · Happyman Twmap
Name of the Vulnerable Software and Affected Versions: happyman twmap versions prior to v2.9 v4.31 Description: A critical issue was found in happyman twmap, affecting an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the id argument leads to sql...
CVE-2021-46849
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29421. Reason: This candidate is a duplicate of CVE-2021-29421. Notes: All CVE users should reference CVE-2021-29421 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
GHSA-WC69-RHJR-HC9G Moment.js vulnerable to Inefficient Regular Expression Complexity
Impact: using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs; noticeable slowdown is observed with inputs above 10k characters; users who pass user-provided strings without sanity length checks to moment...
Electrum Python Console Bitcoin Theft Vulnerability
Electrum is a lightweight bitcoin client software. Python console is one of the Python console programs. A security vulnerability exists in the Python console in Electrum versions 2.9.4 and earlier and versions 3.x through 3.0.5. An attacker can exploit this vulnerability to steal bitcoins with t...
libxml2: Heap use-after-free in xmlSAX2AttributeNs
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document...
UBUNTU-CVE-2016-4449
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...