5838 matches found
Commvault CommCell DownloadCenterUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
WordPress Sprout Invoices plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Sprout Invoices plugin has a cross-site scripting vulnerability in versions prior to 19.9.7, whic...
WordPress My Tickets plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress My Tickets plugin in versions prior to 1.8.31 suffers from a cross-site scripting vulnerability...
WordPress Elementor plugin cross-site scripting vulnerability (CNVD-2021-93366)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...
WordPress QR Redirector plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress QR Redirector plugin in versions prior to 1.6.1,...
WordPress Testimonial Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Testimonial plugin has a cross-site scripting vulnerability in versions prior to 1.6.0,...
WordPress Insert Pages plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...
Adobe Experience Manager Access Control Error Vulnerability
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager in versio...
WordPress Accept Donations with PayPal plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Accept Donations with PayPal plugin has a cross-site scripting vulnerability in versions prior to 1.3.2, which stems...
WordPress Helpful Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Helpful plugin in versions prior to 4.4.59 suffers from a cross-site scripting vulnerability that ste...
SmarterMail Cross-Site Scripting Vulnerability
SmarterMail is a mail server software from Smartertools, Inc. The software supports spam filtering, statistics, and Simple Mail Transfer Protocol (SMTP) authentication. SmarterMail has a cross-site scripting vulnerability in 16.x through 100.x. The vulnerability stems from a lack of data validation...
Moddable SDK Buffer Error Vulnerability
The Moddable SDK is a combination of development tools and runtime software used to create applications for microcontrollers. A security vulnerability exists in the Moddable SDK, which stems from a networked system or product that does not properly validate data boundaries when performing...
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveConfig method. The...
Kirby Cross-Site Scripting Vulnerability (CNVD-2021-95256)
Kirby is a file-based content management system (CMS). Kirby suffers from a cross-site scripting vulnerability that stems from the product's failure to validate input data, which could be exploited by attackers to execute client-side code...
WordPress Security Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...
WordPress Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Testimonial plugin has a cross-site scripting vulnerability in versions prior to 1.6.0,...
Smartertools SmarterTools SmarterMail Cross-Site Scripting Vulnerability
SmarterMail is a mail server software from Smartertools, Inc. The software supports spam filtering, statistics, and Simple Mail Transfer Protocol (SMTP) authentication. SmarterMail has a cross-site scripting vulnerability in 16.x through 100.x. The vulnerability stems from a lack of data validation...
Oracle Linux 8 : sqlite (ELSA-2021-4396)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4396 advisory. - Removing fix for CVE-2019-19645 unaffected - Removing fix for CVE-2019-19880 unaffected - Fixed CVE-2019-5827 1710184 - Fixed CVE-2019-13750 1786510 ...
Open Design Alliance Drawings SDK Buffer Overflow Vulnerability (CNVD-2021-89163)
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for t...
Open Design Alliance Drawings SDK has an unspecified vulnerability (CNVD-2021-89166)
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for the . An "out...