CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

EUVD-2025-31645

Malicious code in bioql PyPI...

CVE-2025-47694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47695 WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

WordPress plugin Blog Designer PRO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-47336

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Stored XSS.This issue affects Terms descriptions: from n/a through = 3.4.7...

WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability

Shortcode Injection vulnerability discovered by Kursat Cetin Patchstack in WordPress Plugin Ohio Extra versions = 3.4.7...

WordPress Terms Descriptions plugin <= 3.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jorge Diaz - ddiax Patchstack Alliance in WordPress Plugin Terms descriptions versions = 3.4.7...

PT-2024-32075 · Icecms · Icecms

Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint "/User/ChangeUser/s" in the ChangeUser functi...

PT-2024-32072 · Icecms · Icecms

Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows attackers to bypass authentication by entering arbitrary values as the username and password via the loginAdmin method in the UserController.java file. This enables unauthorized...

WordPress plugin Survey Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-25905

Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Heap overflow

Adobe Dimension versions 3.4.7 and earlier is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2023-1895 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to a heap-based buffer overflow in dynamic memory, which could allow an attacker to execute arbitrary code. Exploitation of this issue requires user interaction, whe...

PT-2022-6453 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...