CVE-2026-24361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress - Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress - Course Review: from n/a through = 4.1.9...

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

EUVD-2022-1477

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-10163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU loa...

WordPress plugin Estatik 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

WordPress Master Accordion ( Former WP Awesome FAQ Plugin ) Plugin <= 4.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Master Accordion Former WP Awesome FAQ Plugin Type Plugin Vulnerable versions = 4.1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f4070e91cc4d Credits Rafi...

Django 3.2.x < 3.2.19, 4.1.x < 4.1.9, 4.2.x < 4.2.1 Improper Input Validation Vulnerability - Linux

Django is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...

CVE-2021-4331

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to se...

WordPress plugin Plus Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin Plus Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Security Bulletin: There is a vulnerability in moment.js used by IBM QRadar User Behavior Analytics (CVE-2022-24785)

Summary There is a vulnerability in moment.js used by IBM QRadar User Behavior AnalyticsUBA. This vulnerabiliity is addressed in UBA by upgrading to a version of moment.js that resolves the issue. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to...

Input validation

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions = 4.1.8. Solution Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version at least 4.1.9...

Updated suricata packages fix security vulnerabilities

The suricata package has been updated to version 4.1.9, which fixes security issues and other bugs. See the upstream announcements for details...

PowerDNS Authoritative Server Crafted Zone Records DoS Vulnerability (2019-04)

PowerDNS Authoritative Server is prone to a denial of service DoS via crafted zone records. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

PowerDNS Authoritative Server NOTIFY Packets DoS Vulnerability (2019-05)

PowerDNS Authoritative Server is prone to a denial of service DoS via NOTIFY packets. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

UBUNTU-CVE-2019-3806

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...