13 matches found
WordPress Word Replacer plugin <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin Word Replacer versions <= 0.4...
GHSA-JQMR-2PG9-VFX7 Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +488 more potentially affected by CVE-2025-68280 via org.apache.sis.core:sis-metadata (>=0.4 <=1.5)
org.apache.sis.core:sis-metadata MAVEN version =0.4, =1.1.0, =3.6.0, =3.6.1, =3.11.0, =3.19.0 - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-68280 Source advisory: OSV:GHSA-JQMR-2PG9-VFX7...
CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
PT-2024-35826 · Unknown · Zajax – Ajax Navigation
Name of the Vulnerable Software and Affected Versions: Zajax – Ajax Navigation versions n/a through 0.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Zajax – Ajax Navigation. This means an attacker can perform unauthorized actions on a user's...
WordPress List categories plugin <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin List categories versions <= 0.4...
PT-2023-23888 · Kyle Maurer · Don8 Plugin
Name of the Vulnerable Software and Affected Versions: Kyle Maurer Don8 plugin versions = 0.4. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For Kyle Maurer Don8 plugin versions = 0.4, upda...
aoa (=0.1.0), blinkrs (=1.0.1) +30 more potentially affected by CVE-2020-36206 via rusb (>=0.4.0 <=0.6.5)
rusb CARGO version =0.4.0, =0.2.0, =0.6.0, =0.2.0, =0.1.0, =1.0.0-alpha.2, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2020-36206 Source advisory: OSV:RUSTSEC-2020-0098...
libproxy buffer overflow vulnerability (CNVD-2020-58051)
libproxy is a library for individual developers that provides automatic configuration of proxies. A buffer overflow vulnerability exists in libproxy versions 0.4.x through 0.4.15. The vulnerability stems from a network system or product performing operations in memory without properly validating...
arrow (>=0.14.0 <=0.15.1), blockbuffers (=0.1.0) +12 more potentially affected by CVE-2019-25004 via flatbuffers (>=0.4.0 <=0.5.0)
flatbuffers CARGO version =0.4.0, =0.14.0, =0.1.8, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =0.2.0, =3.0.0, =1.0.0, =1.1.2, =1.2.0, =1.3.2 Source cves: CVE-2019-25004 Source advisory: OSV:RUSTSEC-2019-0028...
[SCSA-024] BES-CMS including file vulnerability
Security Corporation Security Advisory SCSA-024 - BES-CMS including file vulnerability. PROGRAM: BES-CMS; HOMEPAGE: http://bes.h6p.org; VULNERABLE VERSIONS: 0.4...
PT-2002-1027 · Dump · Dump
Name of the Vulnerable Software and Affected Versions: dump versions 0.4 b10 through 0.4 b29. Description: The issue allows local users to cause a denial of service, preventing execution, by using the flock function to lock the /etc/dumpdates file. This can lead to a disruption in the availability...