12 matches found
PT-2026-1823
Name of the Vulnerable Software and Affected Versions: shiori versions 1.7.4 and below Description: A missing rate limit on the login page allows attackers to bypass authentication through brute-force attempts. The affected component is the login functionality, specifically the authentication...
CVE-2025-60538
The CVE concerns shiori, affected in v1.7.4 and earlier, where the login page lacks rate limiting, enabling brute-force attempts to bypass authentication. The root cause is insufficient restrictions on login attempts, allowing unauthorized access under the Attack Vector: Network with low complexi...
WordPress HT Slider for Elementor plugin <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin HT Slider For Elementor versions <= 1.7.4...
WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Behance Portfolio Manager versions <= 1.7.5...
CVE-2025-8215 Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Responsive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions <= 1.7.4...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
PT-2025-13699 · Unknown · Eleopard Behance Portfolio Manager
Name of the Vulnerable Software and Affected Versions: eleopard Behance Portfolio Manager versions n/a through 1.7.4 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for SQL Injecti...
@clevercanyon/madrun (>=1.0.0 <=1.0.1), @coder/cmux (>=0.3.0-next.64.g5f200a6 <=0.5.1-next.10.g83f9dd4) +19 more potentially affected by CVE-2025-30222 via shescape (>=1.7.4 <=2.1.12)
shescape NPM version =1.7.4, =1.0.0, =0.3.0-next.64.g5f200a6, =1.0.6, =0.1.0, =0.9.22, =1.1.0, =0.1.2, =1.0.0, =0.1.24, =1.0.0, =1.5.1, =1.5.3 and more Source cves: CVE-2025-30222 Source advisory: OSV:GHSA-66PP-5P9W-Q87J...
PT-2023-20109 · WordPress · Eric Teubert Archivist – Custom Archive Templates
Name of the Vulnerable Software and Affected Versions: Eric Teubert Archivist – Custom Archive Templates plugin versions 1.7.4 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For...
PT-2021-20339 · Luca · Luca
Name of the Vulnerable Software and Affected Versions: Luca versions 1.7.4 and earlier Description: The issue allows remote attackers to obtain sensitive information about COVID-19 tracking. This is because requests related to Check-In State occur shortly after requests for Phone Number...
Westermo MRD-315 Information Disclosure Vulnerability
The Westermo MRD-315 is a 3G wireless router from Westermo, Sweden. An information disclosure vulnerability exists in the Westermo MRD-315 version 1.7.3 and version 1.7.4. The vulnerability stems from a configuration or other error in the operation of a network system or product. An attacker coul...