CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54679 – WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2025-54679
14 Aug 2025 — Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. The Neon Channel Product Customizer Free plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to delete arbitrary content. • https://patchstack.com/database/wordpress/plugin/neon-channel-product-customizer-free/vulnerability/wordpress-neon-channel-product-customizer-free-plugin-2-0-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32565 – WordPress Neon Product Designer Plugin <= 2.1.1 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32565
09 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1. The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22799 – WordPress Neon Product Designer Plugin <= 2.1.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-22799
13 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attack... • https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0496 – Neon Labs Website 3.2 - 'nl.php?g_strRootDir' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0496
25 Jan 2007 — PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en lib/nl/nl.php de Neon Labs Website (nlws) 3.2 y versiones anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro g_strRootDir. • https://www.exploit-db.com/exploits/3163 •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2007-0157 – Mandriva Linux Security Advisory 2007.013
https://notcve.org/view.php?id=CVE-2007-0157
09 Jan 2007 — Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index. Error de índice de array en la función uri_lookup del intérprete de URI para neon 0.26.0 hasta 0.26.2, posiblemente sólo en plataformas de 54 bits, permite a servidores remotos malic... • http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2 •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 2CVE-2006-1941 – Neon Responders 5.4 - Remote Clock Synchronization Denial of Service
https://notcve.org/view.php?id=CVE-2006-1941
20 Apr 2006 — Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. • https://www.exploit-db.com/exploits/27668 •