292 matches found
PT-2025-14567 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 and earlier than 9.4.0RC2 Concrete CMS versions earlier than 8.5.20 Description: The issue concerns Concrete CMS's Address attribute, where addresses are not properly sanitized in the output when a country is not...
CVE-2025-29719
SourceCodester rems Employee Management System 1.0 is vulnerable to Cross Site Scripting XSS in addemployee.php via the First Name and Address text fields...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
BIT-DJANGO-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
CVE-2025-26768
Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...
what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The what3words Address Field plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-26768
Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...
CVE-2025-26768
CVE-2025-26768 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin what3words Address Field (versions up to 4.0.15). The issue allows stored cross-site scripting via CSRF, affecting the plugin’s Address Field from “n/a through 4.0.15.” The associated CVSS 3.1 base score is 7.1 (HIGH): v...
PT-2025-7229 · What3Words · What3Words Address Field
Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...
WordPress plugin what3words Address Field 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...
WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin what3words Address Field versions = 4.0.15...
django: potential denial-of-service vulnerability in IPv6 validation
A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions cleanipv6address and isvalidipv6address were vulnerable, as was the...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
PYSEC-2025-1
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
CVE-2024-48415
itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...
PT-2024-31225 · Unknown · Sourcecodehero Event Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodehero Event Management System version 1.0 Description: The issue is a Stored Cross-Site Scripting vulnerability. It occurs through the parameters Full Name, Address, Email, and contact in the "/clientdetails/admin/regester.php" API...
Minor update (5) for Vivaldi Android Browser 6.8
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the fourth 6.8 stable, minor update: Chromium Backport...
PT-2024-38601 · Unknown · Codeastro Online Railway Reservation System
Name of the Vulnerable Software and Affected Versions: CodeAstro Online Railway Reservation System version 1.0 Description: A problematic issue was found in the CodeAstro Online Railway Reservation System, affecting an unknown function of the file /admin/admin-add-employee.php of the component Ad...
PT-2024-38507 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A problematic issue has been found in the file adds.php, where the manipulation of the argument name, dob, email, mobile, or address leads to cross-site...
Warehouse Management System 跨站脚本漏洞
Warehouse Management System is a warehouse management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Warehouse Management System version 1.0, which stems from the parameter namacustomer/alamatcustomer/notelpcustomer in the file customer.php and results in...