
14 matches found

Cvelist
added yesterday, 12 views

CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

CVSS 9.8
Exploits: 1, References: 3
Tenable Nessus
added 2026/03/28 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel'...

CVSS 6.2, AI score 6.4, EPSS 0.00008
Exploits: 1, References: 2
Cvelist
added 2025/10/14 12:0 a.m., 6 views

CVE-2025-60374

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

EPSS 0.00017
Exploits: 2, References: 1
EUVD
added 2025/10/09 9:31 p.m., 2 views

EUVD-2025-33558

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

AI score 6.8, EPSS 0.00072
Exploits: 1, References: 2
Vulnrichment
added 2025/10/09 12:0 a.m., 3 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

AI score 6.9, EPSS 0.00072
Exploits: 1, References: 1
CNNVD
added 2025/06/12 12:0 a.m., 2 views

Citizen Cross-Site Scripting Vulnerability

Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 3.3.1, which stems from the insertion of a preference message into raw HTML, potentially leading to arbitrary HTML injection...

CVSS 6.5, AI score 5.9, EPSS 0.00156
Exploits: 1, References: 5
CNNVD
added 2024/01/03 12:0 a.m., 2 views

CubeFS Security Vulnerability

CubeFS is a cloud-native file storage for CubeFS individual developers. A security vulnerability exists in CubeFS versions prior to 3.3.1 that stems from improper handling of incoming HTTP requests. An attacker can exploit the vulnerability to control the amount of memory allocated by an ObjectNo...

CVSS 6.5, AI score 6.7, EPSS 0.0007
Exploits: 0, References: 3
CNNVD
added 2024/01/03 12:0 a.m., 3 views

CubeFS Security Feature Issue Vulnerability

CubeFS is a cloud-native file storage for CubeFS individual developers. A security signature issue vulnerability exists in versions prior to CubeFS 3.3.1 that stems from the use of an insecure random string generator to generate user-specific sensitive keys. An attacker can escalate privileges by...

CVSS 9.8, AI score 6.8, EPSS 0.00072
Exploits: 0, References: 3
OSV
added 2021/06/11 4:15 p.m., 0 views

UBUNTU-CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...

CVSS 5.9, AI score 5.8, EPSS 0.00364
Exploits: 1, References: 7
OSV
added 2020/08/11 2:15 p.m., 1 views

CVE-2020-14313

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace...

CVSS 4.3, AI score 5.7, EPSS 0.00189
Exploits: 0, References: 1
CNVD
added 2016/11/10 12:0 a.m., 2 views

DotCMS SQL Injection Vulnerability (CNVD-2016-11001)

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A SQL injection vulnerability exists in categoriesServlet in DotCMS versions prior to 3.3.1. A remote attacker...

CVSS 9.8, AI score 8.5, EPSS 0.01437
Exploits: 3, References: 1
CNVD
added 2016/11/10 12:0 a.m., 2 views

DotCMS SQL Injection Vulnerability (CNVD-2016-11004)

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A SQL injection vulnerability exists in the JSONTags servlet in versions of DotCMS prior to 3.3.1. A remote...

CVSS 8.8, AI score 8.5, EPSS 0.01994
Exploits: 3, References: 1
CNVD
added 2016/11/10 12:0 a.m., 3 views

DotCMS SQL Injection Vulnerability (CNVD-2016-11003)

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A SQL injection vulnerability exists in the Site BrowserContainers pages screen in versions of DotCMS prior to...

CVSS 8.8, AI score 8.5, EPSS 0.01374
Exploits: 3, References: 1
OSV
added 2016/03/24 1:59 a.m., 2 views

CVE-2016-1599

Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 3