32 matches found
CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...
WordPress Plugin “Classified Listing” Path Traversal Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Linux Distros Unpatched Vulnerability : CVE-2026-27942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to versio...
CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with a stack overflow when the user uses the XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
CVE-2022-0178
Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8...
EUVD-2022-0740
Malicious code in bioql PyPI...
EUVD-2024-31294
Malicious code in bioql PyPI...
EUVD-2024-31293
Malicious code in bioql PyPI...
WordPress AutomatorWP plugin <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions vulnerability
Authenticated Subscriber+ Missing Authorization to Multiple Functions vulnerability discovered by stealthcopter in WordPress Plugin AutomatorWP versions <= 5.3.7...
CVE-2025-48292
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through <= 5.3.8...
CVE-2025-47537
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows SQL Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 5.3.8...
CVE-2025-47537
CVE-2025-47537 describes an SQL Injection vulnerability in the WordPress plugin set PDF Invoices for WooCommerce + Drag and Drop Template Builder. The issue arises from improper neutralization of special elements in SQL commands, affecting versions up to and including 5.3.8. Connected sources (PT...
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WooCommerce Multilingual & Multicurrency versions <= 5.3.8...
WordPress plugin WooCommerce Multilingual & Multicurrency security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-33552
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8...
Zhiyuan Yuedu Shuqi Novel security vulnerability
Zhiyuan Yuedu Shuqi Novel (书旗小说) is novel-reading software from the Chinese company Zhiyuan Yuedu. A security vulnerability exists in Zhiyuan Yuedu Shuqi Novel version 5.3.8, which can be exploited by an attacker to obtain sensitive user information by providing a carefully crafted link...
CVE-2024-47605
CVE-2024-47605 affects the SilverStripe ecosystem, specifically the silverstripe-asset-admin asset gallery when using the “insert media” feature. The vulnerability arises because the linked oEmbed JSON may include an HTML attribute that replaces the embed shortcode without sanitization, enabling ...
PT-2025-2953 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 5.3.8 Description: The Silverstripe Framework, a PHP framework powering the Silverstripe CMS, has an intentional feature allowing form messages to contain HTML markup for links and other relevant...
WordPress plugin XStore Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-33552
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8...