Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer, open source, for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer from 2.33.0 to 2.33.8, as well as in versions before 2.39.2 and 2.41.0. These vulnerabilities...

Unity Linux 20.1070e Security Update: jersey (UTSA-2026-016750)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016750 advisory. Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFil...

CVE-2025-68835 WordPress Ravpage plugin <= 2.33 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through = 2.33...

WordPress plugin Ravpage has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-67542 WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through = 2.33...

CVE-2025-67542 WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through = 2.33...

EUVD-2024-24862

Malicious code in bioql PyPI...

WordPress plugin PiwigoPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress PiwigoPress plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin PiwigoPress versions = 2.33...

PT-2024-21984 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: Flusity-CMS version 2.33 Description: The issue concerns Cross Site Scripting XSS in 'Custom Blocks.' Recommendations: For Flusity-CMS version 2.33, at the moment, there is no information about a newer version that contains a fix for this...

CVE-2024-25410

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in updatesetting.php...

CVE-2024-25410

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in updatesetting.php...

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/addplaces.php...

flusity CMS Security Vulnerability

flusity CMS is a user interaction interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v2.33, which was discovered to contain a cross-site request forgery CSRF vulnerability via the component /core/tools/updatecontactformsettings.php...

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/deletemenu.php...

PT-2024-20410 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the delete post.php endpoint. Recommendations: For flusity-CMS version 2.33, consider disabling access to the dele...

PT-2024-20409 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the "add customblock.php" endpoint. Recommendations: For flusity-CMS version 2.33, consider disabling access to th...

CVE-2024-24469

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the deletepost .php...

PT-2024-2362 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /core/tools/add translation.php component. This could allow an attacker to perform a CSRF attack. Recommendations: For flusity-CMS version...

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the updatepost.php component...