EUVD-2025-35543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...

WordPress plugin Nks Email Subscription Popup Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

DEBIAN-CVE-2025-46825

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...

PT-2025-6601 · WordPress · The Flexible Wishlist For Woocommerce

Name of the Vulnerable Software and Affected Versions: Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress versions up to, and including, 1.2.26 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

WordPress plugin Flexible Wishlist for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2024-38372 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.26 Description: The issue allows an unauthenticated attacker to inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character, such as xa0. This can be exploite...

Cacti 1.2.26 Remote Code Execution

---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...

Design/Logic Flaw

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. Bypassing an earlier fix CVE-2023-39360 that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the...

CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

CVE-2023-49086 Cacti is vulnerable to cross-Site scripting (XSS) DOM

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory...