77 matches found

OSV
added 2026/04/01 6:16 p.m. | 1 view

DEBIAN-CVE-2026-34446

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load: the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00004
Exploits 0 | References 1
RedhatCVE
added 2026/02/13 1:31 a.m. | 2 views

CVE-2025-70314

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...

CVSS 9.8 | AI score 5.5 | EPSS 0.00078
Exploits 1 | References 1
NVD
added 2026/01/07 12:16 p.m. | 1 view

CVE-2025-14110

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00017
Exploits 0 | References 5
Vulnrichment
added 2026/01/07 9:20 a.m. | 1 view

CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 4.7 | EPSS 0.00017
Exploits 0 | References 5
Patchstack
added 2026/01/06 10:53 p.m. | 2 views

WordPress WP Js List Pages Shortcodes plugin <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Js List Pages Shortcodes versions <= 1.21...

CVSS 6.4 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/12/18 7:22 a.m. | 1 view

EUVD-2025-204135

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion. This issue affects Panda: from n/a through <= 1.21...

CVSS 8.2 | AI score 6.6 | EPSS 0.0011
Exploits 0 | References 2
Cvelist
added 2025/11/12 10:7 p.m. | 4 views

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

CVSS 8.7 | EPSS 0.01851
Exploits 1 | References 7
Vulnrichment
added 2025/11/12 10:7 p.m. | 1 view

CVE-2021-4463 Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the...

CVSS 8.7 | AI score 6.5 | EPSS 0.01851
Exploits 1 | References 7
Positive Technologies
added 2025/11/12 12:0 a.m. | 2 views

PT-2025-46728

Name of the Vulnerable Software and Affected Versions: Longjing Technology BEMS API versions up to and including 1.21. Description: The software contains an unauthenticated arbitrary file download issue in the 'downloads' endpoint. The fileName parameter lacks proper sanitization, enabling attackers...

CVSS 8.7 | AI score 6.8 | EPSS 0.01851
Exploits 1 | References 9
Vulnrichment
added 2025/11/06 3:53 p.m. | 1 view

CVE-2025-53214 WordPress Sertifier Certificate & Badge Maker plugin <= 1.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21...

CVSS 6.5 | AI score 6.6 | EPSS 0.00029
Exploits 0 | References 1
CVE
added 2025/11/06 3:53 p.m. | 11 views

CVE-2025-53214

CVE-2025-53214 concerns the WordPress plugin Sertifier Certificate & Badge Maker (versions

CVSS 6.5 | AI score 6.6 | EPSS 0.00029
Exploits 0 | References 1
CNNVD
added 2025/11/06 12:0 a.m. | 1 view

WordPress plugin Sertifier Certificate & Badge Maker security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1
Positive Technologies
added 2025/11/06 12:0 a.m. | 1 view

PT-2025-45218

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21...

AI score 7 | EPSS 0.00029
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-8109

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.1 | EPSS 0.00198
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-28468

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 8.6 | EPSS 0.00062
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-56818

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.1 | EPSS 0.0007
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-53751

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.2 | EPSS 0.00051
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-8110

Malicious code in bioql PyPI...

CVSS 9 | AI score 7.1 | EPSS 0.00315
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 8:15 a.m. | 3 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

CVSS 7.8 | AI score 7.2 | EPSS 0.00118
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 5:40 a.m. | 2 views

CVE-2023-0096

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 4.4 | EPSS 0.00198
Exploits 2 | References 1