PT-2026-48266

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

CVE-2026-39704

CVE-2026-39704 concerns a missing authorization (broken access control) vulnerability in the WordPress plugin Precious Metals Automated Product Pricing – Pro (nfusionsolutions). Affected versions are through 4.0.5, where improperly configured access control security levels can be exploited. The P...

EUVD-2025-36014

Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through = 4.0.5...

PT-2025-35924

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

PT-2025-35919

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

PT-2024-22965

Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write in Xpdf, triggered by a negative object number in an indirect reference in the input PDF file. This occurs when the software processes a PDF file containing a...

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2016-10246)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion CMS version 4.0.5, which stems from the failure of...