25 matches found
EUVD-2025-208145
SQL Injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
CVE-2025-59057
React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...
WordPress Plugin Element Pack - Addon for Elementor Page Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Element Pack Pro Plugin <= 7.9.0 is vulnerable to Cross Site Scripting (XSS)
Software: Element Pack Pro; Type: Plugin; Vulnerable versions: <= 7.9.0; Fixed in: 7.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2455; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 730dc288d987; Credits: Francesco Carlucci...
PT-2023-6653 · Elastic · Agent +2
Name of the Vulnerable Software and Affected Versions: Elastic Endpoint versions 7.9.0 through 8.10.3 Description: The issue is related to insufficient protection of registration data in Elastic Endpoint, which can allow a remote attacker to disclose protected information. When Elastic Endpoint i...
WordPress Newsletter Plugin < 7.9.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:thenewsletterplugin:newsletter"; if description...
Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin
On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat...
WordPress Email Newsletter Plugin <= 7.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: Email Newsletter; Type: Plugin; Vulnerable versions: <= 7.8.9; Fixed in: 7.9.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4772; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 05a4feb47c5b; Credits: Lana Codes; Required...
WordPress plugin Stylish Cost Calculator Premium cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Schneider Electric StruxureWare Data Center Expert code issue vulnerability
Schneider Electric StruxureWare Data Center Expert (StruxureWare Data Center Management Expert) is monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. A code...
Design/Logic Flaw
Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
CVE-2022-23496 A crafted list can trigger an ArrayIndexOutOfBoundsException in Yauaa
Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
GHSA-C4PM-63CG-9J7H Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...
PT-2022-3484 · Unknown · Data Center Expert
Name of the Vulnerable Software and Affected Versions: Data Center Expert versions prior to 7.9.0 Description: The issue is related to insufficient protection of registration data in the Data Center Expert software. This could allow a remote attacker to gain full control over the software. The...
PT-2022-3520 · Unknown · Data Center Expert
Name of the Vulnerable Software and Affected Versions: Data Center Expert versions prior to 7.9.0 Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to gain full control over the software. This could result in unwanted access to ...
GHSA-C77J-P484-H84M Improper privilege management in elasticsearch
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attack...
PT-2022-15662 · Tibco · Tibco Jasperreports Server +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Library version 7.9.0; TIBCO JasperReports Library for ActiveMatrix BPM version 7.9.0; TIBCO JasperReports Server versions 7.9.0 through 7.9.1; TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 through 7.9.1; TIBCO...
CVE-2021-35495
The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server fo...
Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update
Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...