Lucene search
K
PatchstackRecent

46624 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.5.2...

6.4CVSS5.3AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions = 1.1.2...

6.4CVSS5.3AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.13 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() vulnerability

Unauthenticated SQL Injection via emdedSc vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions = 1.1.5...

7.5CVSS5.9AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress MediaView plugin <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter vulnerability

Reflected Cross-Site Scripting via id Parameter vulnerability discovered by johska in WordPress Plugin MediaView versions = 1.1.2...

6.1CVSS5.4AI score0.00308EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress WP01 - Speed, Security, SEO consultant plugin <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download vulnerability

WordPress WP01 - Speed, Security, SEO consultant plugin = 2.6.2 - Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by theviper17y in WordPress Plugin WP01 versions = 2.6.2...

6.5CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions 3.8.6...

3.5CVSS5.9AI score0.00219EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Uptodown APK Download Widget plugin <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Uptodown APK Download Widget versions = 0.1.10...

6.4CVSS5.3AI score0.00332EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Contact Form 7 Redirect & Thank You Page plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Contact Form 7 Redirect & Thank You Page versions = 1.0.7...

6.1CVSS5.4AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Quantic Social Image Hover plugin <= 1.0.8 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Quantic Social Image Hover versions = 1.0.8...

4.3CVSS5.9AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability

Unauthenticated Arbitrary Shortcode Execution via gamipressdoshortcode Function vulnerability discovered by abrahack in WordPress Plugin GamiPress versions = 7.2.1...

7.3CVSS5.3AI score0.00581EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Estatik Mortgage Calculator plugin <= 2.0.11 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Mortgage Calculator Estatik versions = 2.0.11...

6.1CVSS8.3AI score0.00424EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Simple AL Slider plugin <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Simple AL Slider versions = 1.2.10...

6.1CVSS5.3AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Pósturinn\'s Shipping with WooCommerce plugin <= 1.3.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Pósturinn's Shipping with WooCommerce versions = 1.3.1...

6.1CVSS5.5AI score0.00427EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Infility Global plugin <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter vulnerability

Reflected Cross-Site Scripting via settype Parameter vulnerability discovered by vgo0 in WordPress Plugin Infility Global versions = 2.9.8...

6.1CVSS5.4AI score0.00354EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Youzify plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update saveaddonkeylicense vulnerability discovered by Stiofan - AyeCode Ltd in WordPress Plugin Youzify versions = 1.3.3...

6.5CVSS5.5AI score0.00386EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions = 1.6.0...

6.4CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability

WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin = 4.0.9 - Missing Authorization to Authenticated Subscriber+ Project Page/File Deletion vulnerability discovered by WordFence in WordPress Plugin Atarim versions = 4.0.9...

7.5CVSS5.5AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Unauthenticated Fake Payment Creation vulnerability

Unauthenticated Fake Payment Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.7...

5.3CVSS5.9AI score0.00148EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Bold Timeline Lite plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Parameter in 'boldtimelinegroup' Shortcode vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions = 1.2.7...

6.4CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Easy 3D Viewer plugin <= 1.8.6.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy 3D Viewer versions = 1.8.6.6...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via ajaxrequest Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...

8.8CVSS5.9AI score0.00383EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Demo Importer Plus plugin <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Demo Importer Plus versions = 2.0.6...

8.8CVSS5.3AI score0.00464EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Banner button link vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Anber Elementor Addon versions = 1.0.1...

6.4CVSS5.9AI score0.00185EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress WP BASE Booking of Appointments, Services and Events plugin < 5.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP BASE Booking versions 5.0.0...

6.1CVSS5.4AI score0.00578EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Product Table for WooCommerce plugin <= 5.0.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Product Table for WooCommerce versions = 5.0.8...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress WoWPth plugin <= 2.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WoWPth versions = 2.0...

7.1CVSS5.9AI score0.00253EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress WP-DownloadManager plugin <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin WP-DownloadManager versions = 1.68.10...

7.2CVSS5.9AI score0.00808EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress DeBounce Email Validator plugin <= 5.8.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin DeBounce Email Validator versions = 5.8.0...

6.1CVSS8.3AI score0.00141EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.3 views

WordPress Raptive Ads plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.6.3...

6.1CVSS5.4AI score0.00334EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...

4.8CVSS5.9AI score0.00292EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Shortcodes Ultimate plugin <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by apolo2 in WordPress Plugin Shortcodes Ultimate versions = 7.4.5...

6.4CVSS5.9AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto plugin = 1.3.65 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Omnichannel for WooCommerce versions = 1.3.65...

7.2CVSS5.4AI score0.00246EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by zaim in WordPress Plugin Post Grid, Slider & Carousel Ultimate versions = 1.6.10...

8.8CVSS5.3AI score0.00582EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions = 2.07...

6.1CVSS5.5AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Joy Of Text Lite - SMS messaging for WordPress plugin <= 2.3.1 - Settings Update via CSRF vulnerability

WordPress Joy Of Text Lite - SMS messaging for WordPress plugin = 2.3.1 - Settings Update via CSRF vulnerability discovered by Guru Raghav Saravanan in WordPress Plugin Joy Of Text Lite versions = 2.3.1...

4.3CVSS5.9AI score0.00159EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 4.89...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wfopphone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

6.4CVSS5.9AI score0.00209EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress ZoomSounds plugin < 6.05 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by ganj in WordPress Plugin ZoomSounds versions 6.05...

9.1CVSS5.5AI score0.00382EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability

Missing Authorization to Authenticated Subscriber+ Trash Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Simple Video Management System plugin <= 1.0.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Video Management System versions = 1.0.4...

6.1CVSS5.5AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress WishSuite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WishSuite versions = 1.5.1...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Divi Builder plugin <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Divi Builder versions = 4.27.1...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress HandL UTM Grabber / Tracker plugin < 2.8.1 - Reflected XSS via utm_source vulnerability

Reflected XSS via utmsource vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions 2.8.1...

7.1CVSS5.3AI score0.00145EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress WP Video Lightbox plugin <= 1.9.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WP Video Lightbox versions = 1.9.11...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Search Exclude plugin <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability

Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Search Exclude versions = 2.4.9...

5.3CVSS5.9AI score0.00289EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...

9.8CVSS8.3AI score0.00402EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46624