37 matches found
CVE-2026-44460
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP configured, the endpoint...
EUVD-2026-32582
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...
CVE-2025-62880
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro (custom-404-pro) allows Cross Site Request Forgery. This issue affects Custom 404 Pro: from n/a through <= 3.12.0...
EUVD-2025-204706
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar Custom 404 Pro allows Cross Site Request Forgery. This issue affects Custom 404 Pro: from n/a through 3.12.0...
PT-2025-52640
Name of the Vulnerable Software and Affected Versions: Custom 404 Pro versions through 3.12.0 Description: A Cross-Site Request Forgery issue exists in Kunal Nagar Custom 404 Pro. This allows attackers to perform actions on behalf of authenticated users. The issue affects Custom 404 Pro WordPress...
CVE-2025-9947
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-10498 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...
CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated...
CVE-2025-10499
CVE-2025-10499 : The WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You (up to version 3.12.0) is vulnerable to a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the maybe_opt_in() function. This allows unauthenticated attackers to trigger e...
WordPress plugin Ninja Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in the CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]), the logic regressed to not call setgroups(0, NULL) before...
PT-2025-27623 · Apache · Apache Apisix
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 3.12.0 Description: A vulnerability in the openid-connect plugin of Apache APISIX allows an attacker with a valid account on one issuer to log into another issuer, given certain conditions. These conditions...
CVE-2024-47357
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting' / XSS) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0...
WordPress Happy Addons for Elementor Plugin <= 3.12.0 is vulnerable to Cross Site Scripting (XSS)
Software: Happy Addons for Elementor | Type: Plugin | Vulnerable versions: <= 3.12.0 | Fixed in: 3.12.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47357 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Leevio | PSID: 16b2bad2bdae | Credits: Robert DeVore | Required privilege...
WordPress GiveWP Plugin <= 3.12.0 is vulnerable to Cross Site Scripting (XSS)
Software: GiveWP | Type: Plugin | Vulnerable versions: <= 3.12.0 | Fixed in: 3.12.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-35679 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Liquid Web / StellarWP | PSID: f4b075a69f03 | Credits: Dimas Maulana | Required privilege...
PT-2024-21917 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.12.0 Description: A Cross Site Request Forgery issue was identified that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user, with the mitigating factor that user interactio...
PT-2023-9621 · Python +2 · Cpython +2
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra_groups= parameter with an empty list as a value, the logic regressed to not...
Python Security Vulnerabilities
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...
WordPress CoCart – Headless ecommerce Plugin <= 3.11.2 is vulnerable to Broken Access Control
Software: CoCart – Headless ecommerce | Type: Plugin | Vulnerable versions: <= 3.11.2 | Fixed in: 3.12.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-47241 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 4219e5e464d3 | Credits: Mika | Required...