CVE-2026-25008

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

PT-2026-20678

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Cross-Site Request Forgery vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin LatePoint versions = 5.2.5...

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-5287

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

BearShare Lite security vulnerability

BearShare Lite is a peer-to-peer file sharing software developed by the BearShare company. Version 5.2.5 of BearShare Lite contains a security vulnerability, which stems from a buffer overflow in the advanced search keyword input field, potentially allowing for the execution of arbitrary code...

CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

CVE-2026-22589 affects Spree (Rails e-commerce); unauthenticated IDOR allows access to guest address data. Affected: Spree versions before 4.10.2, 5.0.7, 5.1.9, and 5.2.5. Patch/mitigation: upgrade to 4.10.2+, 5.0.7+, 5.1.9+, or 5.2.5+. Root cause cited as faulty authorization (CanCanCan) leading...

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVE-2025-65108

CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...

EUVD-2007-6009

Malware in sbrugna...

EUVD-2023-48171

Malicious code in bioql PyPI...

EUVD-2024-30660

Malicious code in bioql PyPI...

EUVD-2022-34959

Malicious code in bioql PyPI...

CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...

CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through = 5.2.5...

WordPress plugin WP Flow Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

OPENSUSE-SU-2025:15478-1 pdns-recursor-5.2.5-1.1 on GA media

These are all security issues fixed in the pdns-recursor-5.2.5-1.1 package on the GA media of openSUSE Tumbleweed...