27 matches found
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout 1.8.208 and earlier contain security vulnerabilities. These vulnerabilities stem from issues with the attachment handling logic and the SVG...
[SECURITY] [DLA 4434-1] sogo security update
Debian LTS Advisory DLA-4434-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 06, 2026 https://wiki.debian.org/LTS Package : sogo Version : 5.0.1-4+deb11u3 CVE ID : CVE-2024-34462 CVE-2025-63499 Debian Bug : 1071163 1121952 Several XSS vulnerabilities have...
EUVD-2002-0452
Malware in sbrugna...
EUVD-2021-7561
Malicious code in bioql PyPI...
EUVD-2025-5904
Malicious code in bioql PyPI...
EUVD-2023-44083
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user ...
CVE-2025-43763
A server-side request forgery (SSRF) vulnerability exists in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw...
Memos Security Vulnerability
Memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.22, which stems from the Upload Attachment and User Avatar features being vulnerable to a stored cross-site scripting attack that could...
CVE-2025-5082 WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2023-45651
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery. This issue affects WP Attachments: from n/a through 5.0.11...
Exploit for Missing Authorization in Directsoftware Order_Attachments_For_Woocommerce
🚀 WooCommerce Arbitrary File Upload Exploit CVE-2024-9756...
PT-2025-9068 · WordPress · Order Attachments For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Attachments for WooCommerce plugin for WordPress version 2.5.1 and earlier Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file...
qdPM Code Issues Vulnerabilities
qdPM is a web-based open source project management tool. A security vulnerability exists in qdPM version 9.2, which stems from a remote code execution vulnerability. The vulnerability allows an attacker to upload a .php file to the /uploads URI via the Add Attachments function to execute remote...
PrestaShop Input Validation Error Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. An input validation error vulnerability exists in PrestaShop versions prior to 8.1.1, which stems from a...
PT-2022-20745 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions through 8.2 Description: The issue allows for XSS via an attachment or OX Drive content when a client uses the len or off parameter. This can be exploited when the client utilizes specific parameters in conjunction with...
CVE-2022-21467
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Attachments. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is an expansion of the original Application (ERP) product: a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and others, seamlessly integrated into one management suite. Oracl...
Unauthorized Access Vulnerability in Beijing Jinfang Times Website Building System
Beijing Jinfang Times Technology Co., Ltd. provides high-end website construction services for enterprises, institutions and government agencies; it is headquartered in Beijing and has a branch in Shijiazhuang. An unauthorized access vulnerability exists in the Beijing Jinfang Times website building system, whic...