68 matches found
EUVD-2026-27540
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-7448
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin LatePoint Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004022)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004022 advisory. In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to...
CVE-2025-13357
Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
EUVD-2022-2939
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: python-orderly-set-5.5.0-2.fc42
Orderly Set is a package containing multiple implementations of Ordered Set...
LionCoders SalePro POS Security Vulnerability
LionCoders SalePro POS is a point-of-sale system and inventory management software from LionCoders Bangladesh. A security vulnerability exists in LionCoders SalePro POS version 5.5.0 and prior versions, which stems from mishandling of the login component and could result in the transmission of...
PT-2025-38416
Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.0 Description: An issue exists in ClipBucket that allows an unauthenticated attacker to upload arbitrary files via the photo uploader.php plupload endpoint due to missing access controls in the upload handler...
CVE-2025-58438
CVE-2025-58438 affects the Python Internet Archive library (lib/python-internetarchive) with a directory traversal in File.download(); vulnerable in 5.5.0 and below. The issue is fixed in 5.5.1. Debian/Ubuntu advisories confirm package upgrades are required (e.g., Debian DLA-4314 and USN-7989-1)....
CVE-2025-58438 internetarchive is vulnerable to Directory Traversal through file downloads
internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...
PT-2025-30666 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.5.0 Description: A group deletion race condition can lead to data inconsistencies and orphaned accounts when a group is deleted while other operations are in progress. Recommendations: At the moment, there is no information...
CVE-2025-49289
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through <= 5.5.0...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.5.0...
CVE-2024-25898
An XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php...
CVE-2020-3998
VMware Horizon Client for Windows 5.x prior to 5.5.0 contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes...
CVE-2025-24577
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 5.5.0...
CVE-2025-32779 labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...