
30 matches found

EUVD
added 2026/04/14 7:43 a.m., 0 views

EUVD-2026-22231

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_item_permissions_check function in all versions up to, and including, 4.1.8. This makes it possible for...

CVSS 4.3, AI score 5.9, EPSS 0.00032
Exploits 0, References 2

OSV
added 2026/04/10 4:43 p.m., 1 view

MAL-2026-2537 Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

AI score 5.8
Exploits 0, References 1

CVE
added 2026/01/08 9:59 a.m., 11 views

CVE-2026-22242

CVE-2026-22242 (CoreShop) affects CoreShop prior to 4.1.8. A blind SQL injection exists in the admin reports path, enabling an authenticated administrator to extract database contents via inputs such as the store parameter. Root cause: unsanitized user input is concatenated into a SQL query, allo...

CVSS 4.9, AI score 7.2, EPSS 0.0001
Exploits 1, References 2, Affected Software 1

EUVD
added 2026/01/08 9:59 a.m., 4 views

EUVD-2026-1677

CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by th...

CVSS 4.9, AI score 7.1, EPSS 0.0001
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-9457

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.1, EPSS 0.00311
Exploits 0, References 2

RedhatCVE
added 2025/05/22 11:43 p.m., 4 views

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVSS 6.1, AI score 5.3, EPSS 0.00374
Exploits 0, References 1

Cvelist
added 2025/05/06 6:48 p.m., 18 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVSS 7.1, EPSS 0.00102
Exploits 0, References 2

NVD
added 2025/04/01 9:15 p.m., 8 views

CVE-2025-31580

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through = 4.1.8...

CVSS 7.5, EPSS 0.00311
Exploits 0, References 1

Tenable Nessus
added 2024/11/05 12:0 a.m., 5 views

Mastodon < 4.1.8 Multiple Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.14 or 4.0.x prior to 4.0.10 or 4.1.x prior to 4.1.8. It is, therefore, affected by multiple vulnerabilities: - A Stored XSS through the translation feature - A Server-side request...

CVSS 7.5, AI score 6.6, EPSS 0.00639
Exploits 0, References 6

OpenVAS
added 2023/06/14 12:0 a.m., 15 views

WordPress CMP - Coming Soon & Maintenance Plugin < 4.1.8 Improper Access Control Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:niteothemes:cmp"; ifdescription...

CVSS 5.3, AI score 7, EPSS 0.00175
Exploits 1, References 1

OSV
added 2023/02/28 8:15 p.m., 3 views

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8, AI score 8.7, EPSS 0.9312
Exploits 23, References 1

Patchstack
added 2022/07/26 12:0 a.m., 17 views

WordPress Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting (XSS) vulnerability

Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Rezgo Online Booking versions <= 4.1.7. Solution: Update the WordPress Rezgo plugin to the latest available version (at least 4.1.8)...

CVSS 6.1, AI score 2.6, EPSS 0.0021
Exploits 2, References 1, Affected Software 1

NVD
added 2022/01/24 8:15 p.m., 13 views

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVSS 6.1, EPSS 0.00374
Exploits 0, References 3

Prion
added 2022/01/24 8:15 p.m., 23 views

Cross site scripting

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVSS 4.3, AI score 5.9, EPSS 0.00374
Exploits 0, References 3, Affected Software 1

OSV
added 2022/01/24 7:55 p.m., 25 views

CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVSS 5.4, AI score 5.6, EPSS 0.00374
Exploits 0, References 5

Vulnrichment
added 2022/01/24 7:55 p.m., 6 views

CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVSS 5.4, AI score 6, EPSS 0.00374
Exploits 0, References 3

Positive Technologies
added 2022/01/24 12:0 a.m., 2 views

PT-2022-15060 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.8. Description: A cross-site scripting (XSS) issue was found in API\ResponseTrait in CodeIgniter4. Attackers can perform XSS attacks if a potential victim is using API\ResponseTrait. Recommendations: For versions...

CVSS 6.1, AI score 5.7, EPSS 0.00374
Exploits 0, References 11

wpexploit
added 2021/10/25 12:0 a.m., 67 views

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a table, add a column with the following payload " as Name, then add data with the followin...

CVSS 4.8, AI score 0.9, EPSS 0.00282
Exploits 2, References 2

CNVD
added 2021/10/13 12:0 a.m., 59 views

Apache OpenOffice Access Control Error Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...

CVSS 7.8, AI score 7.5, EPSS 0.00141
Exploits 0, References 1

CNVD
added 2021/05/26 12:0 a.m., 3 views

Nagios Command Injection Vulnerability

Nagios is a set of open source and free network monitoring tools from the American company Nagios. A command injection vulnerability exists in Nagios Fusion version 4.1.8 and earlier, which can be exploited by an attacker to escalate privileges from apache to root...

CVSS 10, AI score 7.5, EPSS 0.16625
Exploits 1, References 1