
24 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in libjdom1-java, libjdom2-java

A XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...

CVSS 7.5 | AI score 6.7 | EPSS 0.01393
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/28 6:15 a.m. | 1 view

CVE-2026-7234

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

CVSS 7.5 | AI score 5.2 | EPSS 0.00066
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/03/21 3:26 a.m. | 0 views

CVE-2026-3331 Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update

The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 3
NVD
added 2026/03/05 2:16 a.m. | 2 views

CVE-2026-3257

UnQLite versions through 0.06 for Perl use a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow...

CVSS 9.8 | EPSS 0.0006
Exploits: 0 | References: 3
NVD
added 2026/02/20 4:22 p.m. | 2 views

CVE-2025-60183

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS. This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

CVSS 5.9 | EPSS 0.00042
Exploits: 0 | References: 1
CNNVD
added 2026/02/19 12:00 a.m. | 4 views

WordPress plugin iXML cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.1 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 3
CVE
added 2025/12/09 1:37 p.m. | 20 views

CVE-2025-14324

CVE-2025-14324 describes a JIT miscompilation in the JavaScript Engine’s JIT component affecting Firefox < 146, Firefox ESR < 115.31 and < 140.6, and Thunderbird

CVSS 9.8 | AI score 7.2 | EPSS 0.00072
Exploits: 0 | References: 6 | Affected Software: 2
RedhatCVE
added 2025/10/28 2:38 a.m. | 2 views

CVE-2025-62986

Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS. This issue affects FanBridge signup: from n/a through = 0.6...

CVSS 7.1 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/27 8:44 a.m. | 6 views

CVE-2025-60181

Server-Side Request Forgery SSRF vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

CVSS 5.4 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
NVD
added 2025/09/26 9:15 a.m. | 1 view

CVE-2025-60181

Server-Side Request Forgery SSRF vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

CVSS 5.4 | EPSS 0.0003
Exploits: 0 | References: 1
CVE
added 2025/09/26 8:32 a.m. | 8 views

CVE-2025-60181

CVE-2025-60181 is a Server-Side Request Forgery (SSRF) in Silencesoft RSS Reader (WordPress plugin Silencesoft RSS Reader, <=0.6). Public details in the initial document indicate an SSRF vulnerability with a CVSS v3.1 vector of AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N and a base score of 5.4 (Mediu...

CVSS 5.4 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/26 8:32 a.m. | 3 views

CVE-2025-60181 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

CVSS 5.4 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/26 12:00 a.m. | 4 views

PT-2025-39617

Name of the Vulnerable Software and Affected Versions Silencesoft RSS Reader versions through 0.6 Description A Server-Side Request Forgery SSRF issue exists in Silencesoft RSS Reader. This allows for Server Side Request Forgery. Recommendations At the moment, there is no information about a newe...

CVSS 5.4 | AI score 6.4 | EPSS 0.0003
Exploits: 0 | References: 4
NVD
added 2025/08/25 10:15 a.m. | 3 views

CVE-2025-48303

Cross-Site Request Forgery CSRF vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery. This issue affects Post Type Converter: from n/a through = 0.6...

CVSS 4.3 | EPSS 0.00026
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/25 10:10 a.m. | 2 views

CVE-2025-48303 WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery. This issue affects Post Type Converter: from n/a through = 0.6...

CVSS 4.3 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/21 7:03 p.m. | 2 views

CVE-2025-43832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS. This issue affects Remote Images Grabber: from n/a through = 0.6...

CVSS 7.1 | AI score 7.2 | EPSS 0.00185
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/22 12:09 p.m. | 3 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

CVSS 9.1 | AI score 7 | EPSS 0.00235
Exploits: 1 | References: 1
Patchstack
added 2025/01/16 6:42 p.m. | 2 views

WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Custom Page Extensions versions = 0.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | Affected Software: 1
CNNVD
added 2024/01/22 12:00 a.m. | 2 views

MetaGPT Security Vulnerabilities

MetaGPT is a multi-agent framework from MetaGPT, Inc. A security vulnerability exists in MetaGPT version 0.6.4 and prior versions, which stems from a vulnerability that allows a malicious attacker to execute arbitrary code...

CVSS 8.8 | AI score 7.3 | EPSS 0.00527
Exploits: 1 | References: 2
CNNVD
added 2023/12/12 12:00 a.m. | 3 views

Flash Tool Security Vulnerability

Flash Tool is a small tool for creating swf files from pdfs, images and fonts and parsing data from flash files. A security vulnerability exists in Flash Tool 0.6.0 and earlier versions, which originated from allowing commands to be executed by downloading shell metacharacters in file names...

CVSS 9.8 | AI score 6.9 | EPSS 0.00614
Exploits: 0 | References: 3