14 matches found
emlog code issue vulnerability
emlog is an open source CMS site-building system based on PHP and MySQL. A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...
EUVD-2025-32296
Malicious code in bioql PyPI...
EUVD-2025-32297
Malicious code in bioql PyPI...
CVE-2025-60447
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...
CVE-2025-60448
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
CVE-2025-60447
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...
CVE-2025-60448
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...
CVE-2025-60447
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...
PT-2025-40526
Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.5.19 Description: A stored Cross-Site Scripting (XSS) issue exists due to inadequate validation of SVG file uploads within the /admin/media.php component. This allows attackers to upload malicious SVG files containing JavaScri...
WordPress plugin Search & Filter Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-21608
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...
PT-2025-6926 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.19 Description: Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets over MQTT can appear as a DM in client to a node even though they were not decoded with PKC...
PT-2024-14965 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: Html5 Video Player WordPress plugin versions prior to 2.5.19 Description: The issue arises from the Html5 Video Player WordPress plugin not sanitizing and escaping some of its player settings, combined with missing capability checks around th...
WordPress Plugin Html5 Video Player Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...