165 matches found
CVE-2025-52876
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
CVE-2024-34427
Cross-Site Request Forgery CSRF vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8...
CVE-2013-5726
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of 1 follow or 2 favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL...
CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
WordPress Reales WP theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability
Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability discovered by Lucio Sá in WordPress Theme Reales WP versions = 2.1.2...
Crying out Cloud: Our Favorite Stories of 2024
Check out our top podcast episode picks from the past year...
CVE-2025-22778
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in damniel Lijit Search wp-lijit-wijit allows Reflected XSS.This issue affects Lijit Search: from n/a through = 1.1...
CVE-2024-32132
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20...
CVE-2025-23636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...
CVE-2025-23636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...
CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...
CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...
CVE-2025-23636
CVE-2025-23636 is a reflected XSS vulnerability reported for the WordPress plugin “My Favorite Car” by Dimitar Atanasov. The description states an improper neutralization of input during web page generation, enabling reflected Cross-Site Scripting. Affected range is “My Favorite Car: from n/a thr...
PT-2025-4991 · Unknown · My Favorite Car
Name of the Vulnerable Software and Affected Versions: My Favorite Car versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables an attacker to inject malicious scrip...
WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin My Favorite Car versions = 1.0...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server for ABAP, which arises from an RFC-enabled function module that allows a low-privileged user to perform various actions, such as modifying the URLs and...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a less-privileged user to perform a denial of service to any user and also to change or delet...
Versa Director Dangerous File Type Upload Vulnerability
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...