579 matches found
CVE-2019-2670
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite subcomponent: Marketing Administration. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2017-16892
In Bftpd before 4.7, there is a memory leak in the file rename function...
CVE-2012-1227
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...
CVE-2025-32674
CVE-2025-32674 is a Reflected XSS in the WordPress plugin WPFactory Product Excel Import Export & Bulk Edit for WooCommerce (
CVE-2025-32674 WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit f...
Important: Red Hat Security Advisory: RHACS 4.7 security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2025-31905
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from n/a through = 4.7...
CVE-2025-31905
CVE-2025-31905 is a Reflected XSS in the WordPress plugin Team Rosters (NotFound) affecting versions up to and including 4.7 . The issue is caused by improper input neutralization during web page generation. Exploitation status or exact payloads are not detailed in the provided documents. No reme...
CVE-2025-30867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SearchIQ SearchIQ searchiq allows Stored XSS.This issue affects SearchIQ: from n/a through = 4.7...
CVE-2025-30867
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SearchIQ SearchIQ searchiq allows Stored XSS.This issue affects SearchIQ: from n/a through = 4.7...
CVE-2024-12920 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete, themeoptionsave, exportwidgetsettings,...
CVE-2024-13350
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siqsearchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-26624
CVE-2025-26624 describes a DLL hijacking/local privilege escalation in Rufus. Affected: Rufus 4.6.2208 and earlier. Root cause: the launcher loads a malicious cfgmgr32.dll from the same directory via side-loading when the executable has elevated privileges. Impact: enables loading/execution of a ...
CVE-2025-26624 Local Privilege Escalation in Rufus 4.6 and previous versions
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges since the executable has been granted higher privileges during the tim...
CVE-2025-26624 Local Privilege Escalation in Rufus 4.6 and previous versions
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges since the executable has been granted higher privileges during the tim...
WordPress WP Foodbakery plugin <= 4.7 - Authentication Bypass in foodbakery_parse_request vulnerability
Authentication Bypass in foodbakeryparserequest vulnerability discovered by Tonn in WordPress Plugin FoodBakery versions = 4.7...
CVE-2024-56250
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through = 4.7...
WordPress plugin Team Rosters 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-56250
CVE-2024-56250 concerns the WordPress plugin Just Writing Statistics (vulnerable up to 4.7). The issue is described as an SQL Injection caused by improper neutralization of input in SQL commands, enabling attacker-controlled input to affect database queries. Public references (Red Hat and Wordfen...
PT-2025-3216 · Unknown · Gregross Just Writing Statistics
Name of the Vulnerable Software and Affected Versions: GregRoss Just Writing Statistics versions n/a through 4.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can...