21 matches found

CNNVD
added 2026/05/08 12:0 a.m. · 6 views

locize cross-site scripting vulnerability

Locize is an open-source browser text editing tool developed by Locize. Versions of Locize prior to 4.0.21 contained a cross-site scripting vulnerability. This vulnerability stemmed from the window.addEventListener("message", …) handler not verifying event.origin, which could lead to cross-site...

7.5 CVSS · 5.6 AI score · 0.00016 EPSS
Exploits 0 · References 1
NVD
added 2026/03/25 5:16 p.m. · 1 view

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Post Kit: from n/a through <= 4.0.21...

6.4 CVSS · 0.00013 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/03/25 12:0 a.m. · 1 view

PT-2026-27849

Name of the Vulnerable Software and Affected Versions: bdthemes Ultimate Post Kit versions through 4.0.21. Description: An authorization issue exists in bdthemes Ultimate Post Kit, allowing exploitation due to incorrectly configured access control security levels. The issue impacts the...

6.4 CVSS · 5.9 AI score · 0.00013 EPSS
Exploits 0 · References 3
Patchstack
added 2026/03/18 1:6 p.m. · 2 views

WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Ultimate Post Kit versions <= 4.0.21...

6.4 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · Affected Software 1
NVD
added 2025/10/31 12:15 a.m. · 4 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

10 CVSS · 0.26604 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/10/30 11:30 p.m. · 3 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

6.4 AI score · 0.26604 EPSS
Exploits 0 · References 1
Cvelist
added 2025/10/30 11:30 p.m. · 4 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

0.26604 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/10/23 12:0 a.m. · 3 views

PT-2025-43553

Name of the Vulnerable Software and Affected Versions: UniFi Access Application versions 3.3.22 through 3.4.31. Description: A misconfiguration in the UniFi Access application exposes a management API without proper authentication. An attacker with access to the management network could exploit this...

10 CVSS · 9.3 AI score · 0.26604 EPSS
Exploits 0 · References 31
Snyk
added 2024/06/28 3:28 p.m. · 1 view

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper certificate validation. An attacker can intercept secure communications by presenting a forged certificate. Remediation: Upgrade github.com/mongodb/mongo-tools/common/options to version...

6.5 CVSS · 6.8 AI score · 0.00283 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:20 a.m. · 1 view

SUSE CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length)...

10 CVSS · 8 AI score · 0.02726 EPSS
Exploits 1 · References 4
OSV
added 2021/07/23 12:15 p.m. · 0 views

UBUNTU-CVE-2021-20333

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.1...

5.3 CVSS · 5.8 AI score · 0.00375 EPSS
Exploits 1 · References 3
Positive Technologies
added 2021/04/12 12:0 a.m. · 2 views

PT-2021-2652 · Mongodb · Mongodb Database Tools

Name of the Vulnerable Software and Affected Versions: MongoDB Database Tools versions 3.6.6 through 3.6.20; MongoDB Database Tools versions prior to 3.6.21; MongoDB Database Tools versions prior to 4.0.21; MongoDB Database Tools versions prior to 4.2.11; MongoDB Database Tools 100 versions prior to...

6.5 CVSS · 7.3 AI score · 0.00283 EPSS
Exploits 0 · References 12
Joomla! Vulnerable Extensions List
added 2018/03/01 12:0 a.m. · 533 views

Media Library Free, 4.0.12, SQL Injection

Media Library Free by Ordasoft, versions 4.0.12 and previous, SQL Injection. Resolution: update to 4.0.21. Update notice: https://ordasoft.com/News/News/media-library-security-update.html...

9.8 CVSS · 9.6 AI score · 0.01411 EPSS
Exploits 6 · References 3 · Affected Software 1
Packet Storm
added 2018/01/11 12:0 a.m. · 56 views

Joomla! Easydiscuss Cross Site Scripting

Exploit Title: Joomla Plugin Easydiscuss inside the body, everything after the will be executed in the user's browser. Works with every version up to 4.0.20 2. Proof of Concept Login with permissions to post a message, insert in the body and add any html code after that, whenever a user tries to...

5.9 AI score · 0.00226 EPSS
Exploits 5
0day.today
added 2018/01/10 12:0 a.m. · 38 views

Joomla Easydiscuss Component < 4.0.21 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla Plugin Easydiscuss inside the body, everything after the will be executed in the user’s browser. Works with every version up to 4.0.20 2. Proof of Concept Login with permissions to post a message, insert in the body and a...

3.5 CVSS · 5.6 AI score · 0.00226 EPSS
Exploits 5
OSV
added 2018/01/08 11:29 p.m. · 0 views

CVE-2018-5263

The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
CVE
added 2018/01/08 11:0 p.m. · 89 views

CVE-2018-5263

CVE-2018-5263 concerns the StackIdeas EasyDiscuss Joomla! extension (com_easydiscuss) prior to 4.0.21. The vulnerability is a cross-site scripting (XSS) flaw triggered when editing a message: injecting a payload can cause script execution in a user’s browser after the textarea closes. Affected v...

5.4 CVSS · 5.5 AI score · 0.00226 EPSS
Exploits 5 · References 2 · Affected Software 1
Tenable Nessus
added 2015/05/08 12:0 a.m. · 12 views

Samba 4.x < 4.0.21 / 4.1.x < 4.1.11 nmbd Remote Code Execution

7.9 CVSS · 7.3 AI score · 0.71948 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2014/08/20 12:0 a.m. · 43 views

Fedora 19 : samba-4.0.21-1.fc19 (2014-9132)

Update to Samba 4.0.21. CVE-2014-3560. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

8.3 CVSS · 7.4 AI score · 0.83531 EPSS
Exploits 9 · References 12
OpenVAS
added 2008/09/24 12:0 a.m. · 20 views

Gentoo Security Advisory GLSA 200410-22 (MySQL)

The remote host is missing updates announced in advisory GLSA 200410-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

10 CVSS · 6.5 AI score · 0.03649 EPSS
Exploits 3 · References 4