18 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. · 2 views

PT-2026-31263

Name of the Vulnerable Software and Affected Versions: Andrew ShopWP versions through 5.2.4 Description: Missing authorization allows exploiting incorrectly configured access control security levels. Recommendations: Update to a version greater than 5.2.4...

5.8 AI score · 0.00042 EPSS
Exploits: 0 · References: 4

Patchstack
added 2026/01/07 11:8 a.m. · 4 views

WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Ninja Tables versions <= 5.2.4...

6.5 CVSS · 8.1 AI score · 0.00029 EPSS
Exploits: 0 · Affected Software: 1

CNNVD
added 2026/01/06 12:0 a.m. · 1 views

WordPress plugin Ninja Tables security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

8.5 CVSS · 7.8 AI score · 0.00029 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/12/18 2:22 p.m. · 19 views

CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5 CVSS · 0.00042 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/12/18 2:16 p.m. · 24 views

CVE-2025-1029 Hardcoded Credentials in Utarit Informatics' SoliClub

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5 CVSS · 0.00043 EPSS
Exploits: 0 · References: 2

CVE
added 2025/12/18 2:16 p.m. · 8 views

CVE-2025-1029

CVE-2025-1029 concerns Utarit Information Services Inc. SoliClub, where hard-coded credentials permit reading sensitive constants from the executable. Multiple sources (NVD, Red Hat, CVE/CVEList, CNNVD, EUVD, etc.) consistently describe impact for SoliClub versions 5.2.4 through 5.3.7. The vulner...

7.5 CVSS · 5.4 AI score · 0.00043 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/12/18 12:0 a.m. · 3 views

PT-2025-52231

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5 CVSS · 7 AI score · 0.00043 EPSS
Exploits: 0 · References: 2

NVD
added 2025/12/05 5:16 p.m. · 4 views

CVE-2025-66550

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

5.7 CVSS · 0.00024 EPSS
Exploits: 0 · References: 4

CVE
added 2025/12/05 4:56 p.m. · 21 views

CVE-2025-66550

CVE-2025-66550 affects Nextcloud Calendar prior to versions 4.7.17 and 5.2.4. A malicious user could create a calendar event with an attachment that links to a download URL for a file on the same Nextcloud server, causing the file to be downloaded without user confirmation. The issue is resolved ...

5.7 CVSS · 6.2 AI score · 0.00024 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/10/24 12:0 a.m. · 4 views

PT-2025-43606

Name of the Vulnerable Software and Affected Versions: The Real Cookie Banner versions up to and including 5.2.4 Description: The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate validation of the...

6.8 CVSS · 6.1 AI score · 0.00051 EPSS
Exploits: 0 · References: 11

ATTACKERKB
added 2025/09/05 1:44 p.m. · 2 views

CVE-2025-8695

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS. This issue affects NetGIS Server: from 5.2.4 through 22.08.2025...

5.4 CVSS · 5.4 AI score · 0.00049 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2025/09/05 1:44 p.m. · 14 views

CVE-2025-8695

CVE-2025-8695 is a Reflected XSS in Netcad NetGIS Server caused by improper neutralization of input during web page generation. Affected software: NetGIS Server versions 5.2.4 through 22.08.2025. The connected documents do not specify an available patch or fixed version. No exploitation details a...

5.4 CVSS · 5.4 AI score · 0.00049 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/09/05 12:0 a.m. · 2 views

Netcad NetGIS Server cross-site scripting vulnerability

Netcad NetGIS Server is a geospatial data distribution server from Netcad Turkey. A cross-site scripting vulnerability exists in Netcad NetGIS Server versions 5.2.4 through 22.08.2025, which stems from improper input neutralization and could lead to a reflective cross-site scripting attack...

5.4 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2024/02/28 10:15 p.m. · 0 views

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

7.6 CVSS · 7.1 AI score · 0.0017 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/19 12:0 a.m. · 3 views

PT-2024-14917 · Brivo · Brivo Acs100 +1

Name of the Vulnerable Software and Affected Versions: Brivo ACS100, ACS300 versions 5.2.4 through 6.2.4.3 Description: The issue is related to Insufficiently Protected Credentials and Improper Access Control, allowing password recovery exploitation and bypassing physical security. This can be...

7.1 CVSS · 7.3 AI score · 0.00011 EPSS
Exploits: 0 · References: 8

Prion
added 2023/11/20 5:15 a.m. · 13 views

Cross site scripting

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...

5.8 CVSS · 7.2 AI score · 0.0011 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2021/05/21 12:0 a.m. · 0 views

Plone security vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. An arbitrary file write vulnerability exists in Plone 5.2.4 and earlier versions. A remote attacker can exploit this vulnerability to perform disk I/O via specially crafted keyword arguments converted by...

9.9 CVSS · 8.6 AI score · 0.00846 EPSS
Exploits: 0 · References: 3

CNVD
added 2018/09/11 12:0 a.m. · 2 views

IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability

IBM Security Identity Governance and Intelligence (IGI) is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. An information disclosure vulnerability exist...

5.3 CVSS · 5.3 AI score · 0.00099 EPSS
Exploits: 0 · References: 1