255 matches found
CVE-2026-7547
The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...
CVE-2026-8599
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2026-8599
The CVE covers the WordPress plugin MailerPress (Email Marketing, Newsletter, Email Automation & WooCommerce Emails) with stored XSS in Campaign HTML Content Field across versions up to 2.0.4. Exploitation requires author-level access (authenticated, Author+), and affects pages loaded in the admi...
EUVD-2026-35308
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...
WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions = 2.0.4...
Malicious code in power-apps (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...
CVE-2026-44048
A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...
Malicious code in @cplace-workflow-fe/cf-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa219c5fdaf0ec8e6e0467fb1f23bfde9a07c18276187464062943e612848781 The package @cplace-workflow-fe/cf-workflow was found to contain malicious code. Source: ghsa-malware...
CowAgent 访问控制错误漏洞
CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Version 2.0.4 of CowAgent contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Administrative HTTP Endpoint component, whi...
CowAgent 路径遍历漏洞
CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the file...
EUVD-2026-15776
Use of Hard-coded Credentials vulnerability in Addi Addi Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi Cuotas que se adaptan a ti: from n/a through = 2.0.4...
PT-2026-27973
Name of the Vulnerable Software and Affected Versions Addi – Cuotas que se adaptan a ti versions n/a through 2.0.4 Description A flaw exists in Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi that allows for exploitation of the password recovery function due to the use of hard-coded...
Drupal Material Icons 安全漏洞
Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...
WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Addi Cuotas que se adaptan a ti versions = 2.0.4...
CVE-2018-25176 Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...
PT-2026-23688
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...
GHSA-R5MX-6WC6-7H9W dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()
Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...
CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
dottie 安全漏洞
Dottie is an application developed by Mick Hansen that allows for easy searching of nested keys. Versions 2.0.4 to 2.0.6 of Dottie contain security vulnerabilities, which stem from incomplete prototype pollution protection mechanisms. These vulnerabilities could lead to bypassing the protection...
CVE-2025-66135
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through = 2.0.4...