52 matches found
EUVD-2026-10534
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...
GROWI vulnerable to cross-site request forgery
Overview: GROWI provided by GROWI, Inc. contains the following vulnerability: Cross-site request forgery (CWE-352) - CVE-2025-64700. GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
MongoDB Server access control error vulnerability
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server that stems from the possibility that an...
MongoDB 6.0.x < 6.0.17 / 7.0.x < 7.0.13 / 7.3.x < 7.3.4 incorrect enforcement of index constraints (SERVER-92382)
The version of MongoDB installed on the remote host is prior to 6.0.17, 7.0.13 and 7.3.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-92382 advisory. - PrepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries...
MongoDB DoS Vulnerability (SERVER-92382) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
CVE-2024-8305
CVE-2024-8305 affects MongoDB Server: 6.0 before 6.0.17, 7.0 before 7.0.13, and 7.3 before 7.3.4. The issue arises from prepareUnique index enforcement on secondaries, which can cause secondaries to crash and, in extreme cases, result in a loss of primaries. The available connected details specif...
MongoDB Server secondaries may crash due to forced index constraints
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...
RHSA-2019:3046 Red Hat Security Advisory: Red Hat Single Sign-On 7.3.4 security update on RHEL 8
Bulletin has no description...
RHSA-2019:3044 Red Hat Security Advisory: Red Hat Single Sign-On 7.3.4 security update on RHEL 6
Bulletin has no description...
RHSA-2019:3048 Red Hat Security Advisory: RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 security update
Bulletin has no description...
BIT-MONGOOSE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin = 7.3.4 versions...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Automattic Mongoose security vulnerability
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 7.3.4 that stems from the presence of a prototype pollution vulnerability...
Cesanta Mongoose Web Server < 7.3.4 Prototype Pollution Vulnerability
Cesanta Mongoose Web Server is prone to a prototype pollution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Liferay Portal and Liferay DXP cross-site scripting vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Zotpress < 7.3.4 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Zotpress; Type: Plugin; Vulnerable versions: <= 7.3.3; Fixed in: 7.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32961; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Katie Seaborn; PSID: 1e1dc3c4b47a; Credits: LOURCODE; Required privileg...
CVE-2021-36905 WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress...