SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the API contact filtering due to insufficient recursive sanitization of nested query parameters. An attacker can execute arbitrary SQL commands and potentially access sensitive data or disrupt database integrity by...
Astra Linux - vulnerability in redis
A heap overflow issue was discovered in Redis versions prior to 5.0.10, before 6.0.9, and before 6.2.0, when using a heap allocator other than jemalloc or glibc’s malloc function. This issue could lead to out-of-bound writing or the crash of the process. Essentially, this flaw does not affect the...
PT-2025-37860
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.99.0 through 5.130.3; Ghost versions 6.0.0 through 6.0.8. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Ghost that allows an attacker to access internal resources. The vulnerability is present in Ghost’s...
WordPress Plugin AdForest Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin AdForest 6.0.9 and prior versions, which stems from...
CVE-2025-8359
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
WordPress AdForest Theme <= 6.0.9 is vulnerable to Broken Authentication
Software: AdForest; Type: Theme; Vulnerable versions: <= 6.0.9; Fixed in: 6.0.10; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-8359; Patch priority: High; CVSS severity: High (9.8); PSID: f086df38edf9; Credits: Tonn; Required...
WordPress plugin AdForest security vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin AdForest 6.0.9 and prior versions, which stems from...
Linux Distros Unpatched Vulnerability : CVE-2021-3470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's...
CVE-2024-13695 Enfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
WordPress plugin Essential Addons for Elementor information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter...
CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter...
CVE-2024-48743
CVE-2024-48743 affects Sentry v6.0.9, where a Cross-Site Scripting flaw in the z parameter can allow a remote attacker to execute arbitrary code. The issue is confirmed across multiple sources (NVD/Red Hat/CVE listings) with the remote-network attack vector and low complexity, but exploitation st...
Sentry security vulnerability
Sentry is an open source bug tracking and performance monitoring platform for developers from Sentry. A security vulnerability exists in Sentry version v.6.0.9. An attacker can exploit the vulnerability to execute arbitrary code via the z parameter...
CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter...
PT-2024-33197 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry version 6.0.9 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the z parameter. Recommendations: For Sentry version 6.0.9, consider restricting access to the vulnerable parameter z to...
CVE-2024-10276
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launche...
CVE-2024-10276 Telestream Sentry Reports Page page cross site scripting
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launche...
PT-2024-11049 · WordPress · Google Language Translator
Name of the Vulnerable Software and Affected Versions: Google Language Translator plugin for WordPress versions up to, and including, 6.0.9 Description: The issue is related to Reflected Cross-Site Scripting via multiple parameters due to insufficient input sanitization and output escaping. This...