219665 matches found
EUVD-2021-34811
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
Spring4Shell-POC
ReznokWorks 사내 게시판 — 모의해킹 시나리오 PoC 원본 Spring4Shell PoChttp...
CVE-2021-47951
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47951
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2026-8233
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions = 10.30.25...
CVE-2026-8233
CVE-2026-8233 concerns Dotouch XproUPF 2.0.0-release-088aa7c4 where an unknown UPF function manipulation leads to improper access controls. The description indicates a high attack complexity and requires adjacent access with low privileges and no user interaction. Impact is described as low for c...
CVE-2026-8233 Dotouch XproUPF access control
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...
EUVD-2026-28960
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...
CVE-2026-8225 Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcfnpcfsmpolicycontrolhandledelete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...
CVE-2026-8225
Open5GS up to version 2.7.7 is affected by CVE-2026-8225. The vulnerability resides in the function pcf_npcf_smpolicycontrol_handle_delete within src/pcf/sm-sm.c of the delete Endpoint, where a manipulation leads to a denial of service. The issue is exploitable remotely and publicly available exp...
CVE-2026-8225
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcfnpcfsmpolicycontrolhandledelete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...
CVE-2026-8224 Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...
Dotouch XproUPF 安全漏洞
Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...
PT-2026-39451
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf npcf smpolicycontrol handle delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly availabl...
OpenCats 访问控制错误漏洞
OpenCats is an open-source recruitment process management system developed by OpenCats. Version 0.9.4 of OpenCats contains a vulnerability related to access control. This vulnerability stems from a remote code execution flaw, allowing unauthenticated attackers to execute arbitrary commands by...
PT-2026-39525
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...