287 matches found
CVE-2023-50844
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in James Ward Mail logging – WP Mail Catcher. This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3...
CVE-2022-3506
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3...
CVE-2025-48374 zot logs secrets
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an OIDC provider, the clientsecret gets printed into the container stdout...
CVE-2020-6584
Nagios Log Server 2.1.3 has Incorrect Access Control...
WordPress Maspik - Advanced Spam protection plugin < 2.1.3 - Admin+ Stored XSS vulnerability
WordPress Maspik - Advanced Spam protection plugin 2.1.3 - Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Maspik – Spam blacklist versions 2.1.3...
WordPress plugin Maspik security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data
Summary: axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...
Security update for elemental-toolkit
This update for elemental-toolkit fixes the following issues: Updated to version 2.1.3: Simplify podman calls in CI setup; Switched GHA runners to Ubuntu 24.04; Updated year in headers; Updated to go1.23, required by the new x/crypto module; CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs...
CVE-2025-39581
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through <= 2.1.3...
CVE-2025-39525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Logo Carousel Slider logo-carousel-slider allows Stored XSS. This issue affects Logo Carousel Slider: from n/a through <= 2.1.3...
Drupal Colorbox security vulnerability
Drupal Colorbox is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Colorbox versions prior to 2.1.3 that stems from improper input neutralization and could lead to a cross-site scripting attack...
CVE-2025-39581
CVE-2025-39581 is a stored XSS vulnerability in the WordPress plugin Themify Shortcodes (affected: n/a–2.1.3). The root cause, as described in the sources, is improper neutralization of input during web page generation, enabling attackers to inject malicious scripts via stored data. The CVSS base...
CVE-2025-39581 WordPress Themify Shortcodes <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3...
WordPress plugin Logo Carousel Slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress plugin ABA PayWay Payment Gateway for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Use After Free
Overview: unicorn is a Unicorn CPU emulator engine. Affected versions of this package are vulnerable to Use After Free in softmmu/memory.c, which is invoked during snapshot restore operations. Remediation: Upgrade unicorn to version 2.1.3 or higher. References: GitHub Commit...
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2862
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...
CVE-2025-2860
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...
CVE-2025-2861
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...