20 matches found
CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2026-32263
Craft CMS (versions 5.6.0–5.9.10) is vulnerable where parse_str-derived $settings in src/controllers/EntryTypesController.php is passed directly to Craft::configure() without cleansing via Component::cleanseConfig(). This allows injecting Yii2 behavior/event handlers through keys prefixed with "a...
STVS ProVision Cross-Site Scripting Vulnerability
STVS ProVision is an advanced video management system from STVS, Inc. A cross-site scripting vulnerability exists in STVS ProVision version 5.9.10, which stems from insufficient validation of the files POST parameter input, which could allow an authenticated attacker to inject arbitrary HTML code...
CVE-2021-47724
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...
CVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...
CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...
STVS ProVision Path Traversal Vulnerability
STVS ProVision is an advanced video management system from STVS Corporation. A path traversal vulnerability exists in STVS ProVision version 5.9.10, which stems from a path traversal issue in the archive download function that could lead to arbitrary file reads...
EUVD-2025-198485
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection. This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10...
CVE-2025-66055
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection. This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10...
PT-2025-47731
Name of the Vulnerable Software and Affected Versions: Icegram Email Subscribers & Newsletters versions through 5.9.10 Description: A flaw exists in Icegram Email Subscribers & Newsletters related to the deserialization of untrusted data, which can lead to object injection. This issue impacts the...
CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
PT-2024-30398 · WordPress · Meta Box
Name of the Vulnerable Software and Affected Versions: Meta Box – WordPress Custom Fields Framework versions through 5.9.10 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: F...
WordPress plugin Meta Box Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
strongSwan: Multiple Vulnerabilities
Background: strongSwan is an IPSec implementation for Linux. Description: Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...
CVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...
PT-2023-2354 · Unknown +2 · Strongswan +2
Name of the Vulnerable Software and Affected Versions: strongSwan versions 5.9.8 through 5.9.9 Description: The issue is related to incorrect access control and an expired pointer dereference due to the use of a variable named public for two different purposes within the same function. This can...
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...
STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)
Summary: STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description: The application interface allows users to perform certain actions via...
[SECURITY] Fedora 33 Update: kernel-5.9.10-200.fc33
The kernel meta package...
qt: files placed by attacker can influence the working directory and lead to malicious code execution
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access...