WordPress plugin ShopBuilder – Elementor WooCommerce Builder Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. There is a...

WordPress Prodigy Commerce plugin <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] vulnerability

Unauthenticated Local File Inclusion via parameterstemplatename vulnerability discovered by WordFence in WordPress Plugin Prodigy Commerce versions = 3.2.9...

CVE-2025-48065 Combodo iTop vulnerable to reflected XSS via objection edition form error

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

JLSEC-2025-102 In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU v...

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

WordPress plugin Ultimate Addons for Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exis...

faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:PYSEC-2023-248...

CVE-2021-21586

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system...

Xen has multiple vulnerabilities

Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An information disclosure, denial of...