8 matches found

CNNVD
added 2026/02/20 12:0 a.m. · 4 views

WordPress plugin WPLegalPages security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 · AI score 5.8 · EPSS 0.00278
Exploits 0 · References 1

OSV
added 2026/01/28 6:34 p.m. · 5 views

CVE-2025-68479 Discourse subscriptions are susceptible to takeover

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds...

CVSS 7.1 · AI score 5.9 · EPSS 0.0017
Exploits 0 · References 3

CNNVD
added 2025/12/10 12:0 a.m. · 2 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An SQL injection vulnerability exists in WeGIA 3.5.4 and prior versions that stems from insufficient validation of the idcategoria parameter, which could lead to an SQL injection attack...

CVSS 9.4 · AI score 7.7 · EPSS 0.00438
Exploits 1 · References 4

Vulnrichment
added 2025/12/09 11:49 p.m. · 3 views

CVE-2025-67501 WeGIA is vulnerable to SQL Injection via editar_categoria endpoint parameter

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the idcategoria...

CVSS 9.4 · AI score 7.5 · EPSS 0.00438
Exploits 1 · References 3

Japan Vulnerability Notes
added 2023/05/08 12:0 a.m. · 22 views

JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection

LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability (CWE-94). Impact: An attacker who can log in to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...

CVSS 9.8 · AI score 9.5 · EPSS 0.00576
Exploits 0

OSV
added 2022/06/17 6:15 p.m. · 3 views

CVE-2022-21184

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVSS 5.9 · AI score 6.2 · EPSS 0.00434
Exploits 0 · References 1

Vulnrichment
added 2021/08/11 3:0 p.m. · 2 views

CVE-2021-34640 Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting

The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4...

CVSS 6.1 · AI score 6 · EPSS 0.02223
Exploits 2 · References 2

Positive Technologies
added 2011/10/11 12:0 a.m. · 2 views

PT-2011-1143 · Kde +1 · Kdelibs +2

Name of the Vulnerable Software and Affected Versions: kdelibs versions 3.3.1 through 3.5.4; kdelibs versions prior to 4.12.5-r1; KDE SC versions 4.6.0 through 4.7.1. Description: The issue allows remote attackers to exploit vulnerabilities in the kdelibs package, potentially leading to a breach of...

CVSS 9.3 · AI score 6.8 · EPSS 0.01134
Exploits 0 · References 25