CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

PT-2025-44720

Name of the Vulnerable Software and Affected Versions kallyas versions prior to 4.23.1 Description The kallyas theme for WordPress is susceptible to Stored Cross-Site Scripting through multiple shortcodes. Insufficient input sanitization and output escaping on user-supplied attributes allows...

WordPress Relevanssi plugin < 4.23.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Relevanssi versions 4.23.1...

WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Relevanssi Type Plugin Vulnerable versions 4.23.1 Fixed in 4.23.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9021 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a86f4b44f13a Credits Krugov Artyom Required...

WordPress plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-7486 · WordPress · Relevanssi

Name of the Vulnerable Software and Affected Versions: Relevanssi WordPress plugin versions prior to 4.23.1 Description: The issue allows for Stored XSS attacks by embedding malicious scripts, potentially leading to account takeover. This can be exploited by a remote attacker to perform cross-sit...

PT-2023-33001 · Unknown · Pocketmine-Mp

Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.23.1 PocketMine-MP versions prior to 5.3.1 Description: An attacker could crash PocketMine-MP by sending malformed JSON in the LoginPacket. This issue occurred due to the handling of NULL types in the json...

CVE-2019-11935

Insufficient boundary checks when processing a string in mberegreplace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28...

CVE-2019-11930

An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...

CVE-2019-11930

An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...

GitBucket 4.23.1 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...

GitBucket 4.23.1 - Remote Code Execution

GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...