CVE-2026-42751

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...

PT-2026-43660

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...

EUVD-2026-20181

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through = 2.1.18...

PT-2026-31141

CVE-2026-39520 Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/… https://t.co/OgCnfzV9Uz...

CVE-2025-66085

Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix Shortcodes: from n/a through = 2.1.18...

EUVD-2025-12354

Malicious code in bioql PyPI...

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function getusericons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The...

CVE-2025-39449

Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through = 2.1.18...

CVE-2025-31016 WordPress JetWooBuilder plugin <= 2.1.18 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows PHP Local File Inclusion.This issue affects JetWooBuilder: from n/a through = 2.1.18...

Webtrees Security Breach

Webtrees is a web application for publishing family trees online, collaborating with family members, and more. A security vulnerability exists in Webtrees version 2.1.18, which stems from an attacker's ability to navigate to other directories via the mediafolder parameter to access sensitive file...

PT-2024-19543 · Webtrees · Webtrees

Name of the Vulnerable Software and Affected Versions: Webtrees version 2.1.18 Description: The issue allows an attacker, in this case, an administrator, to navigate beyond the intended directory, the 'media/' directory, to access sensitive files in other parts of the application's file system by...

Magento 2 Community Edition CSRF vulnerability

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

Magento Cross-Site Scripting Vulnerability (CNVD-2019-26251)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2.2...

Magento Permission License and Access Control Issues Vulnerability

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A vulnerability exists in version 2.1 before Magento 2.1.18, version 2.2 before Magento 2.2.9, and version 2.3...

Magento Permission License and Access Control Issues Vulnerability (CNVD-2019-29105)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A vulnerability exists in the order processing flow in Magento version 2.1.18 before version 2.1, version 2.2.9...

Magento Cross-Site Scripting Vulnerability (CNVD-2019-26248)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2...

CVE-2019-7944

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

Magento input validation error vulnerability (CNVD-2019-39384)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...

Magento code execution vulnerability (CNVD-2019-39398)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...