CVE-2026-39565

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...

WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Contact Form Builder, Contact Widget versions = 2.1.7...

URule 代码问题漏洞

URule is a pure Java rules engine by Gao Jie youseries individual developers. URule v2.1.7 version has a security vulnerability, the vulnerability stems from the existence of XML external entity XXE vulnerability, an attacker can be exploited to exploit the vulnerability by the carefully crafted...