
44 matches found

RedhatCVE
added 2026/01/09 10:50 a.m., 5 views

CVE-2022-37401

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, resulting in weakening its entropy from...

CVSS 8.8, AI score 6.4, EPSS 0.00437
Exploits: 0, References: 1

RedhatCVE
added 2025/10/28 2:38 a.m., 2 views

CVE-2025-62963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Estatik Estatik estatik allows DOM-Based XSS. This issue affects Estatik: from n/a through <= 4.3.1...

CVSS 6.5, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1

Cvelist
added 2025/10/27 1:34 a.m., 6 views

CVE-2025-62963 WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Estatik Estatik estatik allows DOM-Based XSS. This issue affects Estatik: from n/a through <= 4.3.1...

CVSS 6.5, EPSS 0.0003
Exploits: 0, References: 1

Vulnrichment
added 2025/10/27 1:34 a.m., 1 views

CVE-2025-62963 WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Estatik Estatik estatik allows DOM-Based XSS. This issue affects Estatik: from n/a through <= 4.3.1...

CVSS 6.5, AI score 5.2, EPSS 0.0003
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-40632

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00294
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-40276

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.05328
Exploits: 4, References: 1

Microsoft CVE
added 2025/10/02 6:11 a.m., 3 views

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.

...

CVSS 7.5, AI score 7, EPSS 0.00274
Exploits: 0

RedhatCVE
added 2025/04/06 4:28 p.m., 12 views

CVE-2025-32118

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14...

CVSS 9.1, AI score 7.2, EPSS 0.00402
Exploits: 1, References: 1

CNNVD
added 2025/04/04 12:0 a.m., 5 views

WordPress plugin CMP – Coming Soon & Maintenance code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...

CVSS 9.1, AI score 8.6, EPSS 0.00402
Exploits: 1, References: 1

Snyk
added 2024/11/20 10:50 a.m., 0 views

Access Control Bypass

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation: Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References -...

CVSS 7.5, AI score 6.8, EPSS 0.00393
Exploits: 0, References: 2

CNNVD
added 2024/10/31 12:0 a.m., 1 views

WordPress plugin Podlove Podcast Publisher cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 9.6, AI score 6.8, EPSS 0.00494
Exploits: 0, References: 1

CNNVD
added 2024/09/17 12:0 a.m., 1 views

WordPress plugin Podlove Podcast Publisher cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

CVSS 6.5, AI score 6, EPSS 0.00294
Exploits: 0, References: 3

Patchstack
added 2024/08/28 11:46 a.m., 2 views

WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability

CSRF to Remote Code Execution (RCE) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Podlove Podcast Publisher versions <= 4.1.13...

CVSS 9.6, AI score 7.5, EPSS 0.00494
Exploits: 0, Affected Software: 1

Patchstack
added 2024/08/28 11:44 a.m., 2 views

WordPress Podlove Podcast Publisher plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Podlove Podcast Publisher versions <= 4.1.13...

CVSS 6.5, AI score 6.1, EPSS 0.00294
Exploits: 0, Affected Software: 1

Patchstack
added 2024/08/28 12:0 a.m., 7 views

WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Scripting (XSS)

Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.1.13; Fixed in: 4.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43983; Patch priority: Low; CVSS severity: Low (6.5); PSID: 71f42a372118; Credits: Muhammad Daffa; Required...

CVSS 6.5, AI score 6.6, EPSS 0.00294
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2024/04/29 12:0 a.m., 3 views

Beekeeper Studio security vulnerability

Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio version 4.1.13 and prior versions. A remote attacker can exploit this vulnerability to...

CVSS 6.1, AI score 8.1, EPSS 0.01466
Exploits: 1, References: 3

Tenable Nessus
added 2024/03/15 12:0 a.m., 20 views

Debian dla-3761 : spip - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3761 advisory. Debian LTS Advisory DLA-3761-1 https://www.debian.org/lts/security/...

CVSS 6.1, AI score 5.8, EPSS 0.00188
Exploits: 0, References: 4

OpenVAS
added 2024/01/09 12:0 a.m., 6 views

SPIP < 4.1.13, 4.2.x < 4.2.7 XSS Vulnerability

SPIP is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:spip:spip";...

CVSS 6.1, AI score 6.1, EPSS 0.00188
Exploits: 0, References: 1

Positive Technologies
added 2024/01/04 12:0 a.m., 1 views

PT-2024-14522 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP versions 4.1.3 and earlier; SPIP versions 4.2.x through 4.2.6. Description: The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request is not restricted to safe characters, such as alphanumerics, allowing...

CVSS 6.1, AI score 5.9, EPSS 0.00188
Exploits: 0, References: 19

Rosalinux
added 2023/12/12 12:18 p.m., 29 views

Advisory ROSA-SA-2023-2304

software: netty 4.1.13; WASP: ROSA-CHROME; packageevrstring: netty-4.1.13-13.src.rpm; CVE-ID: CVE-2023-34462; BDU-ID: 2023-05355; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...

CVSS 6.5, AI score 7, EPSS 0.00736
Exploits: 1