47 matches found

RedhatCVE
added 2026/03/08 1:44 a.m. · 1 view

CVE-2026-30228

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00015
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/25 12:0 a.m. · 1 view

PT-2026-21831

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from...

CVSS 5.2 · AI score 5.3 · EPSS 0.00018
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-1127

Malware in sbrugna...

CVSS 7.5 · AI score 6.2 · EPSS 0.10825
Exploits: 3 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-9733

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 6.4 · EPSS 0.00286
Exploits: 0 · References: 6
RedhatCVE
added 2025/08/21 11:31 a.m. · 3 views

CVE-2025-8783

The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 · AI score 6 · EPSS 0.00044
Exploits: 0 · References: 1
NVD
added 2025/08/19 11:15 a.m. · 2 views

CVE-2025-8783

The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 · EPSS 0.00044
Exploits: 0 · References: 3
CNNVD
added 2025/08/19 12:0 a.m. · 0 views

WordPress plugin Contact Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.4 · AI score 6 · EPSS 0.00044
Exploits: 0 · References: 5
NVD
added 2025/08/13 1:15 p.m. · 4 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · EPSS 0.00065
Exploits: 0 · References: 5
OSV
added 2025/08/13 1:15 p.m. · 0 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-32987 · Unknown · Lingdang Crm

Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions through 8.6.5.4. Description: A SQL injection issue exists in the crm/WeiXinApp/yunzhijia/event.php file. Manipulation of the openid argument can lead to SQL injection, and the attack can be launched remotely. The exploit...

CVSS 6.5 · AI score 8.2 · EPSS 0.00065
Exploits: 0 · References: 10
NVD
added 2025/04/03 7:15 p.m. · 4 views

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVSS 7.7 · EPSS 0.00286
Exploits: 0 · References: 4
Cvelist
added 2025/04/03 6:38 p.m. · 9 views

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVSS 7.7 · EPSS 0.00286
Exploits: 0 · References: 4
Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-9036 · Infoblox · Infoblox Nios

Name of the Vulnerable Software and Affected Versions: Infoblox NIOS versions prior to 8.6.5. Description: The issue is related to Improper Access Control for Grids, which could potentially allow unauthorized access. Recommendations: For versions prior to 8.6.5, update to version 8.6.5 or later to...

CVSS 9.1 · AI score 6.3 · EPSS 0.00244
Exploits: 0 · References: 7
Tenable Nessus
added 2024/11/14 12:0 a.m. · 11 views

Security Updates for Azure CycleCloud (November 2024)

The Azure CycleCloud product is missing security updates. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists due to a disclosure of the storage credentials. An authenticated, remote attacker can exploit this to bypass authentication and execu...

CVSS 9.9 · AI score 9.7 · EPSS 0.0059
Exploits: 0 · References: 3
CVE
added 2024/05/14 4:6 p.m. · 105 views

CVE-2024-26367

CVE-2024-26367 involves a Cross Site Scripting vulnerability in Evertz Microsystems products, notably MViP-II Firmware 8.6.5 and related builds (XPS-EDGE-, evEDGE-EO-, MMA10G-, 570IPG-X19-10G) allowing a remote attacker to execute arbitrary code via a crafted payload to the login parameters. The...

CVSS 6.1 · AI score 7.2 · EPSS 0.01032
Exploits: 0 · References: 3
CNNVD
added 2024/05/14 12:0 a.m. · 1 view

Evertz microsystems MViP-II security vulnerability

Evertz microsystems MViP-II is an IP-based multi-image display and monitoring solution from Evertz, USA. A security vulnerability exists in Evertz microsystems MViP-II version 8.6.5 that stems from the presence of a cross-site scripting vulnerability that could allow a remote attacker to execute...

CVSS 6.1 · AI score 6.8 · EPSS 0.01032
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/14 12:0 a.m. · 2 views

PT-2024-21370 · Evertz Microsystems · Mvip-Ii +4

Name of the Vulnerable Software and Affected Versions: Evertz microsystems MViP-II Firmware version 8.6.5; Evertz microsystems XPS-EDGE- Build 1467; Evertz microsystems evEDGE-EO- Build 0029; Evertz microsystems MMA10G- Build 0498; Evertz microsystems 570IPG-X19-10G Build 0691. Description: The issue...

CVSS 6.1 · AI score 8.3 · EPSS 0.01032
Exploits: 0 · References: 5
Positive Technologies
added 2024/04/30 12:0 a.m. · 5 views

PT-2024-26777 · WordPress · Geo Controller

Name of the Vulnerable Software and Affected Versions: Geo Controller WordPress plugin versions prior to 8.6.5. Description: The issue allows unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog, due to the plugin unserializing user input via some of...

CVSS 6.5 · AI score 7.7 · EPSS 0.00499
Exploits: 2 · References: 4
wpexploit
added 2024/04/10 12:0 a.m. · 162 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description: The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 7.2 · EPSS 0.00499
Exploits: 2 · References: 1
Patchstack
added 2024/03/28 12:0 a.m. · 8 views

WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to Cross Site Scripting (XSS)

Software: Geo Controller · Type: Plugin · Vulnerable versions: = 8.6.4 · Fixed in: 8.6.5 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-30451 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: e663f7c5a611 · Credits: LVT-tholv2k · Required privilege...

CVSS 6.5 · AI score 6.6 · EPSS 0.00178
Exploits: 0 · References: 2 · Affected Software: 1