CVE-2026-2579 WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

PT-2022-4705 · Triangle Microworks · Triangle Microworks 60870-6 (Iccp/Tase.2) Library +1

Name of the Vulnerable Software and Affected Versions: Triangle Microworks IEC 61850 Library versions 11.2.0 and earlier Triangle Microworks IEC 61850 Library C++, C, or Java language library versions 5.0.1 and earlier Triangle Microworks 60870-6 ICCP/TASE.2 Library C++ language library versions...

CVE-2017-18094

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 the fixed version for 4.4.x and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the base path setting of a configured fi...