27 matches found
WordPress Salon booking system plugin < 9.6.3 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by cyc707 in WordPress Plugin Salon booking system versions < 9.6.3...
EUVD-2024-52771
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-29923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when...
CVE-2024-55452
A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated...
UJCMS 9.6.3 - User Enumeration via IDOR
Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link: https://github.com/dromara/ujcms Version: UJCMS 9.6.3 Tested on: Linux CVE: CVE-2024-12483 Advisory:...
UJCMS 9.6.3 Insecure Direct Object Reference
UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration. Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link:...
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allow a remote attacker to escalate privileges via a crafted script...
PT-2025-7590 · Phpcmsv9 · Phpcmsv9
Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue. Recommendations: For phpcmsv9...
PT-2025-7589 · Phpcmsv9 · Phpcmsv9
Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: Cross Site Scripting vulnerabilities in phpcmsv9 allow a remote attacker to escalate privileges via a crafted script. Recommendations: For phpcmsv9 version 9.6.3, update to a version that fixes the Cross Si...
CVE-2025-25960
CVE-2025-25960 is a Cross Site Scripting vulnerability affecting phpcmsv9 v9.6.3. The issue allows a remote attacker to escalate privileges via the member center’s menu interface in the background administrator. Reported impact is a partial privilege escalation with low confidentiality/integrity ...
CVE-2025-25958
This CVE (CVE-2025-25958) affects phpcmsv9 v9.6.3 and is a Cross Site Scripting vulnerability that allows a remote attacker to escalate privileges via a crafted script. The vulnerability is documented across multiple sources (NVD, Red Hat, CNNVD, CVE lists) with the root cause described as XSS in...
PT-2024-36520 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: UJCMS version 9.6.3 Description: A URL redirection vulnerability exists in UJCMS due to improper validation of URLs in the upload and rendering of new block/carousel items. This issue allows authenticated attackers to redirect unprivileged...
UJCMS security vulnerability
UJCMS is a Java open source content management system from dromara open source. A security vulnerability exists in UJCMS version 9.6.3, which stems from improper URL authentication and a URL redirection vulnerability that allows an authenticated attacker to redirect an unprivileged user to an...
CVE-2024-55451
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend...
CVE-2024-55451
CVE-2024-55451 affects UJCMS 9.6.3. A Stored XSS exists in the authenticated SVG file upload/viewing functionality due to insufficient sanitization of embedded attributes in SVGs. When viewed by other backend users, it can execute arbitrary JavaScript in their browser context, potentially stealin...
UJCMS security vulnerability
UJCMS is a Java open source content management system from dromara open source. A security vulnerability exists in UJCMS version 9.6.3 and earlier, which originates in the file /users/id and can lead to authorization bypass...
WordPress The Moneytizer plugin <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actions vulnerability
Cross-Site Request Forgery via multiple AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin The Moneytizer versions <= 9.6.3...
WordPress Plugin Salon booking system security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Emergency update! Apple patches three zero-days
Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7 iOS 17.0.1 and iPadOS 17.0.1 watchOS 9.6.3 watchOS 10.0.1 macOS Ventura 13.6 macOS Monterey...