CVE-2025-64217 WordPress Photography theme <= 7.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS. This issue affects Photography: from n/a through <= 7.7.2...
EUVD-2015-1001
Malware in sbrugna...
EUVD-2015-0984
Malware in sbrugna...
EUVD-2015-1003
Malware in sbrugna...
EUVD-2015-0999
Malware in sbrugna...
EUVD-2015-1000
Malware in sbrugna...
WordPress Photography Theme <= 7.7.2 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions <= 7.7.2...
WordPress The Post Grid Plugin <= 7.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35739; Patch priority: Low; CVSS severity: Low 6.5; Developer: Mamunur Rashid; PSID: 3801d97a66a9; Credits: SouzaZinn; Required privilege: Contributor...
WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-41798; Patch priority: Low; CVSS severity: Low 5.1; Developer: Claim ownership; PSID: 305b807eea54; Credits: Rafshanzani Suhada; Required privilege: Editor; Publishe...
WordPress Directorist Plugin <= 7.7.1 is vulnerable to Broken Access Control
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c511217f52dd; Credits: István Márton; Required privilege...
Mattermost Server < 7.1.6 / 7.2.x < 7.7.2 / 7.8.x < 7.8.1 Information Disclosure (MMSA-2023-00141)
The version of Mattermost Server running on the remote host is prior to 7.1.6, 7.2.x prior to 7.7.2 or 7.8.x prior to 7.8.1. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can request a preview of an existing message when creating a new...
biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), com.ahome-it:ahome-tooling-server-vaadin-core (=1.0.112-RELEASE) +102 more potentially affected by CVE-2019-25028 via com.vaadin:vaadin-server (>=7.4.0 <=7.7.2)
com.vaadin:vaadin-server MAVEN version =7.4.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.0.0, =1.0.0.BETA5 - com.mantledillusion.vaadin:vaadin-metrics-observer-7 =1.0.0.ALPHA1 and more Source cves: CVE-2019-25028 Source advisory: OSV:GHSA-Q74R-4XW3-PPX9...
LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability
Exploit for java platform in category web applications; LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities; Vendor: LogicalDOC Srl; Product web page: https://www.logicaldoc.com ; Affected version: 7.7.4, 7.7.3, 7.7.2, 7.7.1, 7.6.4, 7.6.2, 7.5.1, 7.4.2, 7.1.1; Summary: LogicalDOC is a free...
LogicalDOC Enterprise 7.7.4 - User Enumeration Vulnerability
Exploit for java platform in category web applications; LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness; Vendor: LogicalDOC Srl; Product web page: https://www.logicaldoc.com ; Affected version: 7.7.4, 7.7.3, 7.7.2, 7.7.1, 7.6.4, 7.6.2, 7.5.1, 7.4.2, 7.1.1; Summary: LogicalDOC is a free document...
CVE-2017-6400
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...
CVE-2015-0995
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
CVE-2015-0994
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...
Default credentials
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...