
19 matches found

RedhatCVE
added 2025/12/10 9:16 p.m. · 4 views

CVE-2025-14224

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...

CVSS 9.8 · AI score 6.2 · EPSS 0.00378
Exploits 1 · References 1

Patchstack
added 2025/09/03 10:35 p.m. · 4 views

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions <= 1.2.22...

CVSS 7.2 · AI score 7.2 · EPSS 0.00706
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/07/08 6:21 a.m. · 3 views

WordPress Talemy Theme <= 1.2.23 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Talemy versions <= 1.2.23...

CVSS 7.2 · AI score 6.9 · EPSS 0.00104
Exploits 0 · Affected Software 1

Vulnrichment
added 2025/01/24 5:27 p.m. · 2 views

CVE-2025-24587 WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through <= 1.2.23...

CVSS 7.6 · AI score 7.3 · EPSS 0.11921
Exploits 1 · References 1

Patchstack
added 2025/01/24 11:47 a.m. · 7 views

WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Webula in WordPress Plugin Email Subscription Popup versions <= 1.2.23...

CVSS 7.6 · AI score 8.1 · EPSS 0.11921
Exploits 1 · Affected Software 1

Positive Technologies
added 2025/01/24 12:0 a.m. · 6 views

PT-2025-5424 · I Thirteen Web Solution · I Thirteen Web Solution Email Subscription Popup

Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Email Subscription Popup versions 1.2.23 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL...

CVSS 7.6 · AI score 7.6 · EPSS 0.11921
Exploits 1 · References 4

Prion
added 2022/12/05 9:15 p.m. · 21 views

Command injection

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

CVSS 7.5 · AI score 9.9 · EPSS 0.94469
Exploits 48 · References 4 · Affected Software 1

Debian CVE
added 2022/12/05 8:48 p.m. · 52 views

CVE-2022-46169

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

CVSS 9.8 · AI score 10 · EPSS 0.94469
Exploits 48

Positive Technologies
added 2022/11/28 12:0 a.m. · 3 views

PT-2022-6138

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.23 Description A command injection vulnerability in Cacti allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The...

CVSS 9.8 · AI score 8.5 · EPSS 0.94469
Exploits 133 · References 200

CNNVD
added 2022/06/14 12:0 a.m. · 1 views

TYPO3 Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3 versions prior to 1.2.23. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor...

CVSS 5.4 · AI score 5.7 · EPSS 0.00206
Exploits 0 · References 4

Mageia
added 2019/09/08 2:9 p.m. · 49 views

Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...

CVSS 7.5 · AI score 1.3 · EPSS 0.713
Exploits 3 · References 5

CNVD
added 2017/08/29 12:0 a.m. · 1 views

xmlsec XML External Entity Injection Vulnerability

xmlsec is a C-based library for implementing XML security standards. An XML external entity injection vulnerability exists in xmlsec 1.2.23 and earlier versions. An attacker could exploit this vulnerability to obtain information or cause a denial of service with the help of a specially crafted...

CVSS 7.1 · AI score 6.4 · EPSS 0.00591
Exploits 0 · References 1

OSV
added 2017/07/17 1:18 p.m. · 0 views

UBUNTU-CVE-2017-1000061

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...

CVSS 7.1 · AI score 6.8 · EPSS 0.00591
Exploits 0 · References 4

CVE
added 2017/07/13 8:0 p.m. · 135 views

CVE-2017-1000061

XML Security Library (xmlsec) 1.2.23 and earlier is vulnerable to XML External Entity Expansion when parsing crafted input, enabling information disclosure or denial of service. The root cause is improper handling of external entities in the library’s XML processing. Affected environments are doc...

CVSS 7.1 · AI score 6.7 · EPSS 0.00591
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2017/05/29 12:0 a.m. · 2 views

PT-2017-4096 · Aleksey Sanin +4 · Xmlsec +4

Name of the Vulnerable Software and Affected Versions: xmlsec versions 1.2.23 and earlier Description: The issue is related to the incorrect restriction of XML links to external objects in the xmlsec crypt library. This can allow a remote attacker to impact the confidentiality and availability of...

CVSS 8.8 · AI score 6 · EPSS 0.00591
Exploits 0 · References 31

RedhatCVE
added 2016/11/16 10:17 a.m. · 36 views

CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafte...

CVSS 6.7 · AI score 4.8 · EPSS 0.00119
Exploits 1 · References 1

Cvelist
added 2016/11/16 12:0 a.m. · 31 views

CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafte...

AI score 5.5 · EPSS 0.00119
Exploits 1 · References 7

CVE
added 2002/03/09 5:0 a.m. · 59 views

CVE-1999-1085

The CVE-1999-1085 issue affects SSH1 protocol implementations (notably OpenSSH and SSH1-supporting SSH stacks) in CBC or CFB mode. A CRC-32 checksum weakness enables a known-plaintext attack to insert arbitrary data into an existing SSH stream between client and server, potentially allowing an at...

CVSS 5 · AI score 9.3 · EPSS 0.03161
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2002/03/09 5:0 a.m. · 22 views

CVE-1999-1085

SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...

AI score 9.4 · EPSS 0.03161
Exploits 0 · References 4