PT-2026-40265

Name of the Vulnerable Software and Affected Versions FortiAuthenticator versions 8.0.0 through 8.0.2 FortiAuthenticator versions 6.6.0 through 6.6.8 FortiAuthenticator versions 6.5.0 through 6.5.6 Description An improper access control issue in API endpoints allows an unauthenticated remote...

WordPress Easy Social Feed plugin <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Easy Social Feed versions = 6.6.7...

CVE-2024-37459

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...

PT-2024-27569 · Unknown · Payplus Payment Gateway

Name of the Vulnerable Software and Affected Versions: PayPlus Payment Gateway versions n/a through 6.6.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

...

Information disclosure

An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user...

CVE-2018-17092

An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user...

Cross site scripting

An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazyadresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags...

CVE-2018-17090

An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazyadresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags...

CVE-2018-17091

An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt...

CVE-2018-17090

An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazyadresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags...

CVE-2018-17092

An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user...