EUVD-2026-23486

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

PT-2026-33483

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr status vector function does not handle the isc arg cstring type when decoding an op response packet, causing a server crash when one is encountered in the status vector. An...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the Wide type...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, offering multiple ANSI SQL-92 features. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the lack of validation...

CVE-2026-32100

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the...

CVE-2025-14061

CVE-2025-14061 – WP Cookie Consent (Cookie Banner, GDPR/CCPA consent) for WordPress : Unauthenticated attackers can modify data and permanently delete arbitrary posts, pages, attachments, and other post types by ID due to a missing capability check in gdpr_delete_policy_data. Affected versions: a...

EUVD-2025-203577

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through = 4.0.7...

EUVD-2024-37544

Malicious code in bioql PyPI...

EUVD-2024-2491

Malicious code in bioql PyPI...

EUVD-2023-26828

Malicious code in bioql PyPI...

EUVD-2025-24779

Malicious code in bioql PyPI...

behavex-images (>=3.0.7 <=3.3.0rc4) potentially affected by unknown CVE via behavex (>=4.0.7 <=4.4.2)

behavex PYPI version =4.0.7, =3.0.7, =3.3.0rc4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-BEHAVEX-13506941...

CVE-2024-56213

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.7...

CVE-2022-1672

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

CVE-2025-30984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through = 4.0.7...

CVE-2025-30984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through = 4.0.7...

CVE-2025-30984

CVE-2025-30984 describes a Reflected XSS in the WordPress SEO Tools (NotFound SEO Tools) plugin, with impact on SEO Tools versions up to 4.0.7. Public references (NVD/CVEs) show a CVSS v3.1 base score of 7.1 (HIGH), attack vector NETWORK, no privileges required, user interaction REQUIRED, and imp...

WordPress plugin SEO Tools 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...