19 matches found
WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mr. Cobbler versions <= 1.1.9...
Unitree Go2 access control error vulnerability
The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. Versions 1.1.7 to 1.1.9, as well as version 1.1.11 of Unitree Go2, have vulnerabilities related to access control. These vulnerabilities stem from the lack of DDS authentication or authorization for the Eclipse CycloneDDS...
CVE-2025-52835
Technical details for CVE-2025-52835 are not provided in the supplied documents. No confirmation of affected products, impact, or fixes is available here; please monitor for updates from official advisories.
WordPress WING WordPress Migrator plugin <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin WING WordPress Migrator versions <= 1.1.9...
CVE-2024-37488
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso. This issue affects HelloAsso: from n/a through <= 1.1.9...
CVE-2023-48768
Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...
WordPress Zegen theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates vulnerability
Missing Authorization to Authenticated (Subscriber+) Theme Options Updates vulnerability discovered by Lucio Sá in WordPress Theme Zegen versions <= 1.1.9...
CVE-2025-23799
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tubegtld .TUBE Video Curator tube-video-curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through <= 1.1.9...
PT-2024-27597 · Helloasso · Helloasso
Name of the Vulnerable Software and Affected Versions: HelloAsso versions 1.1.9 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions...
WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Mega Elements versions <= 1.1.9...
WordPress Theme Networker security vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Networker 1.1.9 and earlier versions, which stems...
CVE-2024-24803
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9...
NPM IP package incorrectly identifies some private IP addresses as public
The isPublic function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery (SSRF) if isPublic is used to...
CVE-2023-31229
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit. This issue affects WP Directory Kit: from n/a through 1.1.9...
WordPress Plugin WP Directory Kit cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress plugin Thumbnail carousel slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PYSEC-2022-43179
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...
Poetry parameter injection vulnerability
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries your project depends on and will manage install/update them for you. A parameter injection vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1, the vulnerability stem...
nineone152 (>=1.1.9 <=1.1.11) potentially affected by unknown CVE via node-ftp (=0.0.1-security)
node-ftp NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node-ftp and may be impacted: - nineone152 >=1.1.9, <=1.1.11. Source cves: unknown CVE. Source advisory: OSV:GHSA-5JGP-PG4F-Q8VJ...