18 matches found
EUVD-2026-36251
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
PT-2026-6973
Name of the Vulnerable Software and Affected Versions: guchengwuyue yshopmall versions up to 1.9.1 Description: A security flaw exists in guchengwuyue yshopmall up to version 1.9.1. The issue is related to unrestricted upload, stemming from manipulation of the File argument within the updateAvatar...
CVE-2025-15496
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
WordPress Trash Duplicate and 301 Redirect plugin <= 1.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Trash Duplicate and 301 Redirect versions <= 1.9.1...
AZL-71473 CVE-2025-65637 affecting package umoci 0.4.7-13
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2025-53585
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS. This issue affects WeMusic: from n/a through <= 1.9.1...
EUVD-2023-46152
Malicious code in bioql PyPI...
CVE-2025-47487
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through <= 1.9.1...
CVE-2024-8730
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.10.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
WordPress plugin GenerateBlocks information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
WordPress plugin Stripe Payments For WooCommerce by Checkout cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-24018 · Unknown · Arnan De Gans No-Bot Registration
Name of the Vulnerable Software and Affected Versions: Arnan de Gans No-Bot Registration versions 1.9.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2024-23759 · Unknown · Custom Field Bulk Editor
Name of the Vulnerable Software and Affected Versions: Custom Field Bulk Editor versions 1.9.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the Custom Field Bulk...
PT-2024-23471 · Unknown · Lws Optimize
Name of the Vulnerable Software and Affected Versions: LWS Optimize versions 1.9.1 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is...
WordPress Custom Field Bulk Editor plugin <= 1.9.1 - Cross Site Scripting vulnerability
Cross Site Scripting vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Custom Field Bulk Editor versions <= 1.9.1...
Fedora 37 : php-nyholm-psr7 (2023-c29ae4c76f)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c29ae4c76f advisory. Version 1.6.1 - Security fix: CVE-2023-29197 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
PT-2023-10329 · Unknown · Django-Ucamlookup
Name of the Vulnerable Software and Affected Versions: django-ucamlookup versions up to 1.9.1 Description: A vulnerability was found in the Lookup Handler component of django-ucamlookup, leading to cross-site scripting. The attack can be launched remotely. This issue affects products that are no...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress application plugin. WordPress SEO 301 Meta plugin 1.9.1 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the plugin's...