26 matches found
Apache Solr <=8.8.1 - Server-Side Request Forgery
Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on anothe...
EUVD-2025-19601
Malicious code in bioql PyPI...
CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
CVE-2023-26465
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue...
WordPress plugin NEX-Forms – Ultimate Form Builder – Contact forms and much more information disclosure vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin NEX-Forms - Ultimate Form Builder - Contact forms and much...
WordPress NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin <= 8.8.1 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin NEX-Forms versions <= 8.8.1...
PT-2024-10600 · Zimbra · Zimbra
Name of the Vulnerable Software and Affected Versions: Zimbra versions up to 8.8.1 Description: A problematic issue was found in the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the...
CVE-2017-20188
The CVE-2017-20188 entry concerns Zimbra zm-ajax (versions up to 8.8.1). The flaw is in XFormItem.prototype.setError (WebRoot/js/ajax/dwt/xforms/XFormItem.js), where manipulating the argument message yields cross-site scripting. The vulnerability can be exploited remotely with high attack complex...
Zimbra Cross-Site Scripting Vulnerability
Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. A cross-site scripting vulnerability exists in Zimbra zm-ajax 8.8.1 and earlier versions, which stems from a cross-site scripting XSS vulnerability in function XFormItem.prototype.setError in file...
PT-2024-10598 · Zimbra · Zimbra
Name of the Vulnerable Software and Affected Versions: Zimbra zm-ajax versions up to 8.8.1 Description: A vulnerability has been found in the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site...
CVE-2023-39107
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks...
CVE-2023-32434
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with...
Pegasystem PEGA Platform cross-site scripting vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management. A security vulnerabilit...
CVE-2023-26465
Pega Platform (versions 7.2–8.8.1) is affected by an XSS vulnerability. The CVE-2023-26465 entry is corroborated by multiple sources in connected documents, which consistently describe a cross‑site scripting issue impacting the Pega Platform product family. The specifics available show affected v...
GHSA-98PF-GFH3-X3MP Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...
Fortinet FortiNAC permissions and access control issues vulnerability
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. FortiNAC suffers from a privilege permission and access control issue vulnerability that arises from an application not...