CVE-2022-20632
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2020-9239
Huawei smartphones BLA-A09 versions 8.0.0.123C212, versions earlier than 8.0.0.123C567, versions earlier than 8.0.0.123C797; BLA-TL00B versions earlier than 8.1.0.326C01; Berkeley-L09 versions earlier than 8.0.0.163C10, versions earlier than 8.0.0.163C432, versions earlier than 8.0.0.163C636, versions...
CVE-2020-9260
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123C432E22R2P5 and versions earlier than 10.1.0.160C00E160R2P8 have an information disclosure vulnerability. Certain Wi-Fi function's default configuration in the system seems insecure, an attacker should craft a Wi-Fi...
CVE-2019-10939
A vulnerability has been identified in TIM 3V-IE incl. SIPLUS NET variants All versions V2.8, TIM 3V-IE Advanced incl. SIPLUS NET variants All versions V2.8, TIM 3V-IE DNP3 incl. SIPLUS NET variants All versions V3.3, TIM 4R-IE incl. SIPLUS NET variants All versions V2.8, TIM 4R-IE DNP3 incl...
CVE-2017-7722
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password", the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
CVE-2025-48246
Missing Authorization vulnerability in StellarWP The Events Calendar (the-events-calendar) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through <= 6.11.2.1...
PT-2025-21883 · WordPress · Qi Blocks
Name of the Vulnerable Software and Affected Versions: Qi Blocks WordPress plugin versions prior to 1.4 Description: The issue concerns a Stored Cross-Site Scripting attack. It is caused by the plugin not validating and escaping some of its Counter block options before outputting them back in a...
PT-2025-29902
Name of the Vulnerable Software and Affected Versions: NVIDIA Container Toolkit versions up to 1.17.7; GPU Operator versions up to 25.3.0. NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed. Description: A critical vulnerability CVE-2025-23266, dubbed “NVIDIAScape”, exists in the NVIDIA...
PT-2025-21782 · WordPress · Wp-Members Membership Plugin
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to, and including, 3.5.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpmem user memberships shortcode due to insufficient input sanitization and output escaping on...
PT-2025-21381 · WordPress · The Ultimate Noindex Nofollow Tool
Name of the Vulnerable Software and Affected Versions: The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2025-20543 · Sourcecodester · Online Student Clearance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student Clearance System version 1.0 Description: A vulnerability was found in the SourceCodester Online Student Clearance System, affecting an unknown functionality of the file /admin/add-student.php. The manipulation o...
PT-2025-18141 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers library version v4.48.1 Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_gpt_neox_japanese.py of the...
PT-2025-17525 · Mojoomla · Wpams
Name of the Vulnerable Software and Affected Versions: WPAMS versions prior to 44.0 Description: The issue affects WPAMS, allowing for Reflected XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting. Recommendations: For versions prior to...
PT-2025-17406 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. The issue affects an unknown functionality of the...
Oracle Coherence (April 2025 CPU)
The version of Coherence installed on the remote host is affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Third Party Netty. Supported versions that are affected are 12.2.1.4.0,...
PT-2025-16403 · Oracle · Oracle Secure Backup
Name of the Vulnerable Software and Affected Versions: Oracle Secure Backup versions 12.1.0.1 through 12.1.0.3; Oracle Secure Backup versions 18.1.0.0 through 18.1.0.2 Description: The issue allows a high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to...
CVE-2025-2285
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is the result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerabili...
CVE-2025-3343
A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservationupdate.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The...
PT-2025-14584 · Mindspore · Mindspore
Name of the Vulnerable Software and Affected Versions: MindSpore version 2.5.0 Description: A vulnerability has been found in MindSpore, affecting the function mindspore.numpy.fft.rfft2. This issue leads to memory corruption and requires a local approach to exploit. The exploit has been disclosed...
Nagios Log Server 2024R1.3.1 - Stored XSS
Exploit Title: Stored XSS Vulnerability in Nagios Log Server Privilege Escalation to Admin Date: 2025-04-02 Exploit Author: Seth Kraft Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link:...