CVE-2026-5790
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
CVE-2026-5790
CVE-2026-5790 describes a stored XSS in Stel Order (v3.25.1 and earlier) at the /app/FrontController endpoint, exploitable via the legalName and employeeID parameters. Lack of input sanitization allows injection that is persisted in the database and executed in other users’ browsers, enabling the...
STEL Order Cross-Site Scripting Vulnerability
STEL Order is an ERP, CRM, and online billing management platform developed by the Spanish company STEL for small and medium-sized enterprises. Versions of STEL Order prior to 3.25.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning of the...
PT-2026-40912
Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...
PT-2026-40913
Insecure Direct Object Reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee: first names, last...
EUVD-2020-7851
Malware in sbrugna...
wishlist-member-vuln-analysis
📄 Overview This repository contains a detailed analysis of a...
PT-2024-17211 · Dynamiapps · The Frontend Admin
Name of the Vulnerable Software and Affected Versions: The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.25.1 Description: The issue allows unauthenticated attackers to perform SQL Injection via the orderby parameter due to insufficient escaping on the...
WordPress plugin Frontend Admin by DynamiApps SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress plugin WishList Member X security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-27460
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...
HP Plantronics Hub Information Disclosure Vulnerability
HP Plantronics Hub is a tool from Hewlett-Packard (HP) that provides management and control of Plantronics headsets and communication devices. A security vulnerability exists in HP Plantronics Hub version 3.25.1 and prior versions. An attacker could exploit the vulnerability to elevate privileges...
PT-2024-21911
Name of the Vulnerable Software and Affected Versions: Plantronics Hub versions 3.25.1 and below Description: A privilege escalation issue exists in the updater for Plantronics Hub, allowing attackers to gain elevated access. It is recommended to patch immediately and monitor for signs of compromis...
CVE-2023-43628
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...
GPSd Number Error Vulnerability
gpsd is a daemon for receiving GPS data. A numeric error vulnerability exists in GPSd version 3.25.1dev. An attacker could exploit this vulnerability to cause memory corruption via specially crafted network packets...
PT-2023-27936 · Calico · Calico Typha +1
Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below; Calico Typha version 3.25.1; Calico Enterprise Typha versions 3.17.1 and below; Calico Enterprise Typha version 3.16.3; Calico Enterprise Typha version 3.15.3 Description: The issue arises when a client TLS...
CVE-2020-15870
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 2 of 2)...
Cross site scripting
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2)...
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow Remote Code Execution...