68 matches found
CVE-2026-11783
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-56033
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
EUVD-2026-39696
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
PT-2026-42461
Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.9 Request Tracker versions 6.0.0 through 6.0.2 Description Reflected cross-site scripting XSS occurs via the Page parameter in GET requests. This allows an attacker to craft a URL that executes...
CVE-2026-35215
CVE-2026-35215 – Firebird DoS via crafted slice packet Firebird, an open-source RDBMS, has a vulnerability in the sdl_desc() function across affected series prior to 5.0.4, 4.0.7, and 3.0.14. The function does not validate the length of a decoded SDL descriptor from a slice packet; a zero-length ...
Firebird 安全漏洞
Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the assumption...
CVE-2024-32537 WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability
Cross-Site request forgery CSRF vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4...
CVE-2024-32537
Cross-Site request forgery CSRF vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4...
CVE-2025-52870
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
CVE-2025-57711
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2025-48722
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-57710
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2025-54146
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-52868
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
CVE-2025-53598
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-30276
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and la...
CVE-2025-47209
CVE-2025-47209 : A NULL pointer dereference affects Qsync Central . If a remote attacker gains a user account , they can trigger a DoS . The issue is fixed in Qsync Central 5.0.0.4 (2026-01-20) and later; CVSS-like metrics indicate low privileges and network access with no user interaction. Explo...
CVE-2025-48723
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...