14 matches found
EUVD-2026-35292
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
stigmem-node's federation peer registration lacked explicit out-of-band approval
Impact: Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be...
Devolutions Server security vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...
EUVD-2022-3477
Malicious code in bioql PyPI...
EUVD-2025-23282
Malicious code in bioql PyPI...
CVE-2025-52289
CVE-2025-52289 affects MagnusBilling v7.8.5.3 and is a Broken Access Control vulnerability where newly registered users can escalate privileges by sending a crafted request to /mbilling/index.php/user/save to change status from "pending" to "active" without admin approval. The issue’s remediation...
CVE-2024-7747 Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...
CVE-2021-24503
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them. A post made by a contributor would still hav...
CVE-2017-1000386
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Acti...
Posty 1.0 SQL Injection
========================================================
Posty SQL injection - Authentication bypass

Description: An attacker is able to inject a malicious SQL query to bypass the login page and log in as a normal user.

Proof of Concept:
- http://localhost/login.php
  set username and password = PCS00442...
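The bypass pattern described in the advisory, as an added example that is not Posty's own code: a hypothetical login check that concatenates the submitted credentials into the query, beside a parameterised version. The `users` table, its single row, the function names and the tautology payload are all constructed for this demonstration (the advisory's actual payload is truncated above); it assumes PHP with the pdo_sqlite extension so it runs stand-alone.

```php
<?php
// Added example (not Posty's code): a hypothetical login check showing the
// authentication-bypass pattern, beside a parameterised version. Uses an
// in-memory SQLite database so it runs from the CLI; the users table and
// its row are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
// Plaintext password only to keep the example short; real code stores a hash.
$db->exec("INSERT INTO users (username, password) VALUES ('user', 's3cret')");

// Vulnerable: both fields are concatenated straight into the SQL string, so
// a tautology in either one makes the WHERE clause true for some row.
function loginVulnerable(PDO $db, string $user, string $pass): ?string
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened: bound parameters keep the input as data, never as SQL text.
function loginFixed(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Constructed payload: a classic tautology supplied as both username and
// password; it stands in for the advisory's truncated value.
$payload = "' OR '1'='1";

var_dump(loginVulnerable($db, $payload, $payload));
var_dump(loginFixed($db, $payload, $payload));
```

Run with `php bypass.php`: the concatenating check returns the username of the first row (`user`), i.e. the attacker is logged in without knowing any credential, because the WHERE clause becomes `username = '' OR '1'='1' AND password = '' OR '1'='1'`; the parameterised check returns `NULL` because the quote and `OR` are compared literally against the stored column values.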
EcShop: post product comments as any other user, which can be used to manipulate the shop's reviews
Brief description: A logged-in user can post comments on any product while impersonating any other registered user; used deliberately, this can manipulate the shop's public reviews.

Details: The vulnerable code is at line 287 of comment.php:

$username = empty($cmt->username) ? $_SESSION['username'] : trim($cmt->username);

$cmt is a JSON structure assigned at line 37 of comment.php:

$cmt = $json->decode($_REQUEST['cmt']);

So as long as the user submits JSON containing "username":"any user account", they can post a comment on the chosen product under that user's name.

Proof of vulnerability: ...
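The mechanism in the snippet above, as an added example that is not EcShop's code: a hypothetical comment handler that takes the author from the client-supplied JSON exactly as the quoted line does, beside a hardened form that uses only the server-side session. The function names and the session and request arrays are constructed for this demonstration, so it runs from the PHP CLI without a web server.

```php
<?php
// Added example (not EcShop's code): a hypothetical comment handler that
// reproduces the pattern quoted from comment.php, beside a hardened form.
// The session and request arrays are constructed inline so this runs from
// the CLI without a web server.

// Vulnerable pattern: the comment author is whatever "username" the client
// put in the JSON body; the session is only a fallback when it is absent.
function commentAuthorVulnerable(array $session, array $request): string
{
    $cmt = json_decode($request['cmt']);
    return empty($cmt->username) ? $session['username'] : trim($cmt->username);
}

// Hardened pattern: the author is always the authenticated session user.
// The JSON body is still parsed for the fields a client is allowed to set
// (here the goods id and the comment text), but "username" is ignored.
function commentAuthorFixed(array $session, array $request): string
{
    if (empty($session['username'])) {
        throw new RuntimeException('login required to comment');
    }
    $cmt = json_decode($request['cmt']);
    if (!is_object($cmt) || !isset($cmt->goods_id, $cmt->content)) {
        throw new InvalidArgumentException('malformed comment payload');
    }
    return $session['username'];
}

// Constructed input: "alice" is logged in but submits a comment that claims
// to come from "bob".
$session = ['username' => 'alice'];
$request = ['cmt' => json_encode([
    'goods_id' => 42,
    'username' => 'bob',
    'content'  => 'Five stars, would buy again',
])];

printf("vulnerable handler attributes the comment to: %s\n",
       commentAuthorVulnerable($session, $request));
printf("hardened handler attributes the comment to:   %s\n",
       commentAuthorFixed($session, $request));
```

Run with `php comment.php`: the first handler attributes alice's comment to bob, which is the impersonation the advisory describes; the second attributes it to alice regardless of what the JSON claims. The fix is not to validate the submitted username against the user table (that would still let one registered user pick another) but to never read identity from the request body at all.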
Visual Studio 2022 version 17.2.23 update
This security update applies to all editions of Visual Studio 2022, and will update client machines on the LTSC channel to version 17.2.23. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update t...