17 matches found

RedhatCVE
added 2026/06/05 7:14 p.m. · 4 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (sanitize_text_field strips tags but not quotes) and...

CVSS 7.2 · AI score 5.6 · EPSS 0.00241
Exploits 0 · References 1

NVD
added 2026/05/02 6:16 a.m. · 5 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses, combined with insufficient output...

CVSS 7.2 · EPSS 0.00239
Exploits 0 · References 2

Vulnrichment
added 2026/02/10 9:58 a.m. · 5 views

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVSS 8.5 · AI score 6.2 · EPSS 0.00238
Exploits 0 · References 1

Positive Technologies
added 2025/11/24 12:0 a.m. · 2 views

PT-2025-47896

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...

CVSS 7.3 · AI score 6.9 · EPSS 0.00258
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-10706

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00668
Exploits 1 · References 2

Github Security Blog
added 2025/09/19 9:31 p.m. · 16 views

Mattermost Path Traversal vulnerability

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 8 · AI score 8 · EPSS 0.00599
Exploits 0 · References 10 · Affected Software 2

Positive Technologies
added 2024/02/08 12:0 a.m. · 4 views

PT-2024-40006 · Microsoft · Wix

Name of the Vulnerable Software and Affected Versions: WiX installer framework (affected versions not specified). Description: The vulnerability allows an attacker to escalate privileges through DLL redirection attacks. When the bundle is not run as admin, the user's TEMP folder is used, and a utili...

CVSS 8.2 · AI score 7
Exploits 0 · References 3

OSV
added 2023/09/12 10:15 p.m. · 2 views

CVE-2022-47637

The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges...

CVSS 6.7 · AI score 5.8 · EPSS 0.00239
Exploits 1 · References 1

Positive Technologies
added 2023/05/24 12:0 a.m. · 5 views

PT-2023-14070 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: Jumpserver versions 2.10.0 through 2.26.0. Description: The issue is related to multiple stored XSS vulnerabilities due to improper filtering of user input. This can lead to the execution of any JavaScript under admin's permission...

CVSS 5.4 · AI score 6.2 · EPSS 0.00735
Exploits 1 · References 7

CNNVD
added 2023/03/27 12:0 a.m. · 3 views

Delta Electronics InfraSuite Device Master access control error vulnerability

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. An authentication error vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to achiev...

CVSS 9.8 · AI score 8.3 · EPSS 0.01079
Exploits 0 · References 2

OSV
added 2022/04/27 4:15 p.m. · 0 views

CVE-2022-22521

In Miele Benchmark Programming Tool versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges into executing these binaries as admin...

CVSS 7.3 · AI score 5.9
Exploits 0 · References 4

CNNVD
added 2022/04/15 12:0 a.m. · 5 views

Cisco SD-WAN vManage Software security vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software that originates when a low-privileged user executes a file that is exploited by the root user when running...

CVSS 8.5 · AI score 6.8 · EPSS 0.00564
Exploits 0 · References 3

Huntr
added 2021/08/23 7:1 p.m. · 14 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of customers with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

AI score 1.5
Exploits 0

OSV
added 2021/05/21 3:15 p.m. · 1 views

CVE-2021-31475

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF...

CVSS 8.8 · AI score 7.6 · EPSS 0.06485
Exploits 0 · References 2

OSV
added 2019/09/24 4:15 p.m. · 3 views

CVE-2019-3726

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package DUP Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package DUP Framework file versions prior to 3.8.3.67 used in Dell...

CVSS 6.7 · AI score 6.9 · EPSS 0.00463
Exploits 0 · References 1

CNVD
added 2017/07/18 12:0 a.m. · 2 views

Multiple Lenovo Products Sierra Wireless WAN Driver Elevation of Privilege Vulnerability

Lenovo IdeaPadMiix 510-12ISK and others are laptop products from Lenovo China. Sierra Wireless WAN driver is one of the wireless drivers from Sierra Wireless Canada. A local exploit exists in the Sierra Wireless WAN driver in various Lenovo products based on Windows 7, 8, and 10 platforms. A local...

CVSS 7.8 · AI score 7.9 · EPSS 0.00302
Exploits 0 · References 1

BDU FSTEC
added 2017/06/23 12:0 a.m. · 5 views

The vulnerability in the loading of DLL files of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to install or execute a file with privileges equivalent to those of a Microsoft Windows system administrator account.

The vulnerability related to the loading of DLL files in the Cisco AnyConnect Secure Mobility Client encryption solution stems from deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to install or execute a DLL file with privileges equivalen...

CVSS 7.2 · AI score 7.3 · EPSS 0.00371
Exploits 0 · References 3 · Affected Software 1