Lucene search

18 matches found

EUVD
added 2026/06/10 2:1 p.m. | 10 views

EUVD-2026-36039

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9 CVSS | 6.5 AI score | 0.00439 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/12/03 1:52 p.m. | 13 views

CVE-2025-13354 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3 CVSS | 0.0023 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-51725

Malicious code in bioql PyPI...

6.4 CVSS | 8.7 AI score | 0.00227 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-4970

Malicious code in bioql PyPI...

6.4 CVSS | 8.7 AI score | 0.00349 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-6615

Malicious code in bioql PyPI...

6.4 CVSS | 9.2 AI score | 0.00212 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-32078

Malicious code in bioql PyPI...

6.4 CVSS | 6.4 AI score | 0.00291 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-33756

Malicious code in bioql PyPI...

6.4 CVSS | 8.6 AI score | 0.00951 EPSS
Exploits: 0 | References: 4
NVD
added 2025/07/24 10:15 a.m. | 3 views

CVE-2025-3669

The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's autoqrcodesabb shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4 CVSS | 0.0038 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/07/20 6:2 a.m. | 5 views

CVE-2025-5752

The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS | 5.5 AI score | 0.00218 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/12 11:13 a.m. | 12 views

CVE-2025-1527 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to...

6.4 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/02/12 4:22 a.m. | 11 views

CVE-2024-11746 Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productbrand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and outp...

6.4 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits: 0 | References: 3
CVE
added 2025/01/30 1:41 p.m. | 39 views

CVE-2024-12444

CVE-2024-12444 affects the WP Dispensary WordPress plugin (versions

6.4 CVSS | 5.7 AI score | 0.00254 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/09/06 1:55 p.m. | 48 views

CVE-2024-7611

CVE-2024-7611 affects Enter Addons – Ultimate Template Builder for Elementor (WordPress). The vulnerability is a Stored Cross-Site Scripting via the Events Card widget's tag attribute, caused by insufficient input sanitization and output escaping on user-supplied attributes in versions up to 2.1....

6.4 CVSS | 5.6 AI score | 0.00304 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/07/03 7:32 a.m. | 59 views

CVE-2024-4482

CVE-2024-4482: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is affected by Stored Cross-Site Scripting via the Countdown widget. Root cause: insufficient input sanitization and output escaping on the user-supplied text_day...

6.4 CVSS | 5.5 AI score | 0.004 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/05/14 10:31 p.m. | 28 views

CVE-2024-4666

CVE-2024-4666 applies to Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (WordPress). It is a stored XSS vulnerability in multiple widgets across all versions up to 1.5.3, caused by insufficient input sanitization and inadequate output escaping on user-supplied att...

6.4 CVSS | 5.7 AI score | 0.0041 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2022/08/19 9:15 p.m. | 61 views

CVE-2022-36009

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

8.8 CVSS | 0.0065 EPSS
Exploits: 0 | References: 3
Microsoft KB
added 2017/01/07 12:0 a.m. | 28 views

Update Rollup 2 for Windows Server 2012 Essentials

Update Rollup 2 for Windows Server 2012 Essentials Introduction This article lists the issues that are fixed in Update Rollup 2 for Windows Server 2012 Essentials. Important This update rollup contains server-side fixes. After you apply this update rollup, the client-side package is installed...

6.7 AI score
Exploits: 0
Exploit DB
added 2008/03/19 12:0 a.m. | 191 views

ASPapp Knowledge Base - 'CatId' SQL Injection (1)

CoRPITX, Turkey, www.Hayalet-hack.com, www.xcorpitx-hack.com. Iatek | ASPapp - links.asp CatId SQL Injection...

7 AI score
Exploits: 0