17 matches found
CVE-2026-3604
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CLEANSTART-2026-UJ06223 Security fixes for CVE-2025-25285, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-34x7-hfp2-rc4v, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-9ppj-qmqm-q256, ghsa-fj3w-jwp8-x2g3, ghsa-fjxv-7rqg-78g4, ghsa-jp2q-39xq-3w4g, ghsa-mh29-5h37-fv8m, ghsa-pfrx-2q88-qq97, ghsa-qffp-2rhf-9h96, ghsa-r6q2-hw4h-h46w, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.6.0-r1, 2.7.0-r0, 2.8.1-r0
Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2022-47609
Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin = 2.8.1 versions...
WordPress W3 Total Cache plugin <= 2.8.1 Information Exposure via Log Files vulnerability
WordPress W3 Total Cache plugin <= 2.8.1 Information Exposure via Log Files vulnerability discovered by villu164 in WordPress Plugin W3 Total Cache versions <= 2.8.1...
CVE-2024-11834
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...
PT-2024-17281 · Plextrac · Plextrac
Name of the Vulnerable Software and Affected Versions: PlexTrac versions 1.61.3 through 2.8.1 Description: The issue is related to a Path Traversal vulnerability, which allows arbitrary file writes due to improper limitation of a pathname to a restricted directory. This enables unauthorized acces...
PT-2024-36096 · Unknown · Aio Contact
Name of the Vulnerable Software and Affected Versions: AIO Contact versions prior to 2.8.1 Description: The issue is related to a Missing Authorization vulnerability. Recommendations: For versions prior to 2.8.1, update to a version that contains a fix for this issue. At the moment, there is no...
WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability
Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin AIO Contact versions <= 2.8.1...
WordPress ShopLentor plugin <= 2.8.1 - Improper Authorization via woolentor_template_store vulnerability
Improper Authorization via woolentor_template_store vulnerability discovered by Lucio Sá in WordPress Plugin ShopLentor versions <= 2.8.1...
cn.aradin:aradin-spring-actuator-starter (>=1.0.1 <=1.0.3), cn.fscode.common:common-kafka-spring-boot-starter (=0.0.1) +423 more potentially affected by CVE-2023-34040 via org.springframework.kafka:spring-kafka (>=2.8.1 <=2.9.10)
org.springframework.kafka:spring-kafka MAVEN version =2.8.1, =1.0.1, =0.0.2, =2.7.7.5, =2.7.0.0, =1.1.0, =1.0.3, =1.0.3, =3.16.2, =0.0.1, =0.0.11 - com.argusoft:medplatlms =0.0.1 - com.argusoft:medplatsecurity =0.0.1 - com.brihaspathee.zeus:account-processor =0.0.1 and more Source cves:...
SUSE CVE-2022-29196
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 2.8.1 and earlier, and 2.9.0.beta.13 and earlier. An attacker can exploit this vulnerability to...
Caldera Security Vulnerability
Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...
Dolibarr Authorization Issue Vulnerability
Dolibarr is a modern software package that helps manage an organization's activities. A security vulnerability exists in Dolibarr versions v2.8.1 through v13.0.2 that allows a low-privileged attacker to reset the password of any user in the affected application using the...
Dolibarr ERP/CRM Access Control Error Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An Access Control Error vulnerability exists in Dolibarr ERP/C...
PYSEC-2020-152
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...
PT-2018-3065 · Freeware Advanced Audio Coder +1 · Faad2 +1
Name of the Vulnerable Software and Affected Versions: Freeware Advanced Audio Decoder 2 (FAAD2) versions 2.8.1 and earlier Description: The issue is related to a heap-based buffer overflow in the excluded channels function of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. This can allo...