Advisories

51 total

Status:

Year:

RO-26-002: Mailpit - Cross-Site WebSocket Hijacking (CSWSH) CVE-2026-22689

RO-26-001: Mailpit - Server-Side Request Forgery (SSRF) CVE-2026-21859

RO-20-001: Geeklog 2.2.1 - Cross-site Scripting

RO-20-002: Geeklog 2.2.1 - Blind SQL Injection

RO-20-003: IlchCMS 2.1.37 - Cross-site Scripting

RO-18-012: Gibbon v14.0.01 - Frame Injection Vulnerabilities

RO-18-001: TikiWiki 17.1 - Cross-site Scripting

RO-18-002: ImpressCMS 1.3.10 - Reflected and Stored XSS

RO-18-003: OrangeForum 1.4.0 - Open Redirection

RO-18-004: ElkArte 1.1.0 - Cross-site Scripting

RO-18-005: Plikli CMS 4.0.0 - Cross-site Scripting

RO-18-006: Plikli CMS 4.0.0 - Blind SQL Injection

RO-18-007: FreshRSS 1.11.1 - Multiple XSS

RO-18-008: Microweber 1.0.8 - Reflected XSS

RO-18-009: Eventum 3.3.4 - Open Redirection

RO-18-010: SOPlanning 1.41 - SQL Injection

RO-18-011: HTMLy - Cross-site Scripting

RO-17-001: MyLittleForum 2.3.5 - Multiple Reflected XSS

RO-17-002: SpiderFoot 2.7.1 - Multiple Reflected XSS

RO-17-003: Yii Framework 2.0.9 - Reflected XSS CVE-2018-6010

RO-16-003: Cockpit CMS 0.13.0 - Multiple Reflected XSS

RO-16-004: Cockpit CMS 0.13.0 - Remote Code Execution

RO-16-005: WP-Polls 2.73 - Reflected Cross-site Scripting CVE-2016-10936

RO-16-006: Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting

RO-16-007: BulletProof Security 0.53.3 - Multiple Cross-site Scripting

RO-16-001: MailPoet Newsletters 2.6.19 - Cross-site Scripting CVE-2015-7784

RO-16-002: Storytlr 1.2.0 - Multiple Reflected XSS

RO-15-011: WP Flash Player 1.3 - Multiple Cross-site Scripting

RO-15-001: Blubrry PowerPress 6.0 (WP Plugin) - XSS CVE-2015-1385

RO-15-002: Concrete5 5.7.3.1 - Multiple XSS CVE-2015-2250

RO-15-003: miniBB 3.1 - Cross-site Scripting CVE-2015-2262

RO-15-004: WordPress Twenty Fifteen Theme - DOM XSS CVE-2015-3429

RO-15-005: Google Analyticator (WP Plugin) - Multiple XSS CVE-2015-6238

RO-15-006: TestLink 1.9.13 - SQL Injection CVE-2015-7390

RO-15-007: phpMoAdmin - Cross-site Scripting

RO-15-008: phpMemAdmin - Cross-site Scripting

RO-15-009: TestLink 1.9.13 - Cross-site Scripting

RO-15-010: Booked Scheduler 2.5.15 - CSRF

RO-14-011: FlatPress 1.0.2 - Cross-site Scripting

RO-14-001: Pragyan CMS 3.0 - Blind SQL Injection

RO-14-002: Flat Nuke 3.1.2 - Cross-site Scripting

RO-14-003: OsClass 3.4.1 - Local File Inclusion (LFI) CVE-2014-6308

RO-14-004: e107 2.0 - XSS + SQL Injection

RO-14-005: Subrion CMS 3.2.2 - Cross-site Scripting CVE-2014-9120

RO-14-006: TWiki 6.0.1 - XSS (QUERYSTRING) CVE-2014-9325

RO-14-007: TWiki 6.0.1 - XSS (WebSearch) CVE-2014-9367

RO-14-008: The Bug Genie 3.2.7.1 - Cross-site Scripting

RO-14-009: Openbiz Cubi - Multiple SQL Injection

RO-14-010: Openbiz Cubi - Multiple XSS

RO-13-001: glFusion 1.3.0 - Blind SQL Injection

RO-13-002: Serendipity 1.6.2 - Cross-site Scripting

Recent Advisories

RO-26-002 (CVE-2026-22689) Mailpit - Cross-Site WebSocket Hijacking (CSWSH)
RO-26-001 (CVE-2026-21859) Mailpit - Server-Side Request Forgery (SSRF)
RO-20-001 Geeklog 2.2.1 - Cross-site Scripting
RO-20-002 Geeklog 2.2.1 - Blind SQL Injection
RO-20-003 IlchCMS 2.1.37 - Cross-site Scripting