Lucene search

36 matches found

Vulnrichment
added 2026/05/25 2:15 p.m., 10 views

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

CVSS 8.6 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/31 4:4 p.m., 4 views

CVE-2025-36592

Dell Secure Connect Gateway SCG Policy Manager, versions 5.20, 5.22, 5.24, 5.26, 5.28, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading...

CVSS 5.4 | AI score 6.8 | EPSS 0.00087
Exploits: 0 | References: 1

Cvelist
added 2025/10/30 3:26 p.m., 5 views

CVE-2025-36592

Dell Secure Connect Gateway SCG Policy Manager, versions 5.20, 5.22, 5.24, 5.26, 5.28, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading...

CVSS 5.4 | EPSS 0.00087
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44417

Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway SCG Policy Manager versions 5.20 through 5.28. Description: Dell Secure Connect Gateway SCG Policy Manager contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site...

CVSS 5.4 | AI score 6.5 | EPSS 0.00087
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-15802

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00326
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-27942

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00621
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/25 11:2 a.m., 10 views

CVE-2025-3895

Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute-force these tokens and change account passwords, including those belonging to...

CVSS 9.1 | AI score 7 | EPSS 0.00621
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/25 11:2 a.m., 8 views

CVE-2025-3894

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 | AI score 5.9 | EPSS 0.00303
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/25 11:2 a.m., 10 views

CVE-2025-3893

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 | AI score 8 | EPSS 0.00194
Exploits: 0 | References: 1

NVD
added 2025/05/23 11:15 a.m., 11 views

CVE-2025-3894

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 | EPSS 0.00303
Exploits: 0 | References: 3

NVD
added 2025/05/23 11:15 a.m., 13 views

CVE-2025-3895

Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute-force these tokens and change account passwords, including those belonging to...

CVSS 9.1 | EPSS 0.00621
Exploits: 0 | References: 3

NVD
added 2025/05/23 11:15 a.m., 13 views

CVE-2025-3893

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 | EPSS 0.00194
Exploits: 0 | References: 3

CVE
added 2025/05/23 10:20 a.m., 46 views

CVE-2025-3894

CVE-2025-3894 concerns MegaBIP: the text editor embedded in MegaBIP does not neutralize user input, enabling Stored XSS attacks across users. The issue requires high privileges to use the editor, with impact limited to if exploited in authenticated contexts as described; affected version detected...

CVSS 4.8 | AI score 5.6 | EPSS 0.00303
Exploits: 0 | References: 3

Cvelist
added 2025/05/23 10:20 a.m., 16 views

CVE-2025-3894 Stored XSS in MegaBIP

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 | EPSS 0.00303
Exploits: 0 | References: 3

Vulnrichment
added 2025/05/23 10:20 a.m., 5 views

CVE-2025-3894 Stored XSS in MegaBIP

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 | AI score 5.6 | EPSS 0.00303
Exploits: 0 | References: 3

Cvelist
added 2025/05/23 10:20 a.m., 11 views

CVE-2025-3893 SQL Injection in MegaBIP

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 | EPSS 0.00194
Exploits: 0 | References: 3

Vulnrichment
added 2025/05/23 10:20 a.m., 7 views

CVE-2025-3893 SQL Injection in MegaBIP

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 | AI score 7.5 | EPSS 0.00194
Exploits: 0 | References: 3

CVE
added 2025/05/23 10:20 a.m., 49 views

CVE-2025-3893

CVE-2025-3893 affects MegaBIP; a high-privilege user can trigger an SQL Injection due to unsanitized input when asked to justify editing actions. Root cause: user-provided input is not sanitized, enabling injection into the database. Reported impacts in the CVSS metrics indicate high confidential...

CVSS 8.6 | AI score 7.5 | EPSS 0.00194
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 5:13 a.m., 4 views

CVE-2023-23713

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin = 5.20 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 1

CNNVD
added 2025/05/23 12:0 a.m., 2 views

MegaBIP Cross-Site Scripting Vulnerability

MegaBIP is a software for creating BIP websites from MegaBIP, Inc. A cross-site scripting vulnerability exists in versions prior to MegaBIP 5.20 that stems from a text editor that fails to neutralize user input and could lead to a stored cross-site scripting attack...

CVSS 8.6 | AI score 5.6 | EPSS 0.00303
Exploits: 0 | References: 3