3 matches found
CVE-2026-2437
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-28804
CVE-2026-28804 affects pypdf prior to 6.7.5. A crafted PDF that uses the /ASCIIHexDecode filter can cause long runtimes (DoS) when decoding streams. This vulnerability is resolved by upgrading to pypdf 6.7.5 or later, as noted in multiple sources (NVD/NIST entry, IBM Watson Discovery Cartridge ad...
CVE-2018-7066
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the...