
25 matches found

Positive Technologies
added 2026/04/15 12:0 a.m. · 2 views

PT-2026-33214

Name of the Vulnerable Software and Affected Versions: Thymeleaf versions prior to 3.1.4.RELEASE. Description: A security bypass exists in the expression execution mechanisms. The library fails to properly restrict the scope of accessible objects, which allows specific sensitive objects to be reache...

9 CVSS · 6 AI score · 0.00649 EPSS
Exploits 0 · References 7

RedhatCVE
added 2026/03/26 5:4 p.m. · 2 views

CVE-2026-25462

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects avalex: from n/a through <= 3.1.3...

6.5 CVSS · 5.8 AI score · 0.00242 EPSS
Exploits 0 · References 1

CVE
added 2026/01/16 4:44 a.m. · 41 views

CVE-2026-1000

The CVE-2026-1000 entry describes a data-destructive vulnerability in the MailerLite – WooCommerce integration for WordPress (versions up to 3.1.3). Root cause: missing capability checks on resetIntegration(), enabling authenticated users with Subscriber-level access or higher to modify data it s...

6.5 CVSS · 4.9 AI score · 0.00282 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/01 3:32 p.m. · 5 views

CVE-2025-59136

Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data. This issue affects Gerencianet Oficial: from n/a through <= 3.1.3...

5.3 CVSS · 5.9 AI score · 0.00626 EPSS
Exploits 0 · References 1

vulnersOsv
added 2025/12/15 12:15 p.m. · 4 views

apache-airflow-core (>=3.1.0 <=3.1.3), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +6 more potentially affected by CVE-2025-66388 via apache-airflow (>=3.1.0 <=3.1.3)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =1.1.3 Source cves: CVE-2025-66388 Source advisory: OSV:PYSEC-2025-86...

6.5 CVSS · 5.4 AI score · 0.00406 EPSS
Exploits 0

Patchstack
added 2025/08/20 9:7 a.m. · 6 views

WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Notice Bar versions <= 3.1.3...

6.5 CVSS · 6 AI score · 0.0019 EPSS
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/08/14 10:19 p.m. · 2 views

CVE-2025-54222

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 7.8 AI score · 0.00168 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/08/12 9:46 p.m. · 1 views

CVE-2025-54222 Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 7.6 AI score · 0.00168 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:23 a.m. · 2 views

CVE-2024-3563

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 6.1 AI score · 0.00349 EPSS
Exploits 0 · References 1

Cvelist
added 2025/05/14 2:40 p.m. · 16 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3 CVSS · 0.00226 EPSS
Exploits 0 · References 1

CVE
added 2025/05/14 2:40 p.m. · 42 views

CVE-2024-56157

Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack. Affected software: iTop (web-based IT Service Management tool; Combodo). Root cause / vector: CSV import accepts unvalidated/m...

6.3 CVSS · 6 AI score · 0.00226 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/04/17 4:15 p.m. · 3 views

CVE-2025-39414

Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through <= 3.1.3...

7.1 CVSS · 0.00127 EPSS
Exploits 0 · References 1

OSV
added 2024/10/11 3:15 p.m. · 0 views

UBUNTU-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

10 CVSS · 6.7 AI score · 0.01093 EPSS
Exploits 2 · References 6

CNNVD
added 2024/07/09 12:0 a.m. · 1 views

WordPress plugin Advanced Classifieds & Directory Pro path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

8.5 CVSS · 6.8 AI score · 0.00513 EPSS
Exploits 0 · References 3

Prion
added 2024/03/05 5:15 p.m. · 19 views

Information disclosure

ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potential...

3.3 CVSS · 6.5 AI score · 0.00353 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/11/10 12:0 a.m. · 4 views

PT-2023-29706 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. There is an edge case where a bookmark reminder is...

3.3 CVSS · 3.9 AI score · 0.00264 EPSS
Exploits 0 · References 9

CNNVD
added 2022/08/08 12:0 a.m. · 3 views

WordPress plugin mTouch Quiz cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8 CVSS · 5 AI score · 0.00493 EPSS
Exploits 2 · References 2

vulnersOsv
added 2022/05/17 2:40 a.m. · 3 views

ae.teletronics.ejabberd:EjabberdXMLRPCClient (>=1.0.2 <=1.1.0), br.eti.kinoshita:testlink-java-api (>=1.9.0-1 <=1.9.20-1) +281 more potentially affected by CVE-2016-5004 via org.apache.xmlrpc:xmlrpc-common (>=3.0 <=3.1.3)

org.apache.xmlrpc:xmlrpc-common MAVEN version =3.0, =1.0.2, =1.9.0-1, =0.0.1, =0.0.1, =2.6.1.19, =8.1.0.286, =8.1.0.286, =8.1.0.286, =1.0.0.RELEASE, =0.5, =0.5, =0.7, =0.9 and more Source cves: CVE-2016-5004 Source advisory: OSV:GHSA-R2PG-W96P-PCPJ...

6.5 CVSS · 6.7 AI score · 0.0644 EPSS
Exploits 1

OSV
added 2021/07/07 1:15 p.m. · 2 views

CVE-2021-34621

A vulnerability in the user registration component found in the /src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3...

9.8 CVSS · 7.2 AI score · 0.68862 EPSS
Exploits 8 · References 2

OSV
added 2021/07/07 1:15 p.m. · 4 views

CVE-2021-34624

A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1