17 matches found
CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...
CVE-2019-25264
CVE-2019-25264 (Snipe-IT 4.7.5) : A persistent cross-site scripting (XSS) vulnerability exists that allows authorized users to upload malicious SVG files containing embedded JavaScript. When such an SVG is viewed by other users (accessory context), the script can execute in their browsers. Affect...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open-source IT asset/license management system developed by Grokability. Version 4.7.5 of Snipe-IT contains a cross-site scripting vulnerability. This vulnerability arises because authorized users can upload malicious SVG files containing embedded JavaScript, potentially...
CVE-2025-12168
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxdeletelog' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...
PT-2026-3346
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax delete log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...
SUSE-SU-2025:3793-1 Security update for xen
This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: fixed input sanitisation in Viridian hypercalls XSA-475, bsc1251271...
Linux Distros Unpatched Vulnerability : CVE-2022-24755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6...
WordPress WP ULike plugin <= 4.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP ULike versions <= 4.7.5...
WordPress WP ULike plugin < 4.7.5 - Admin+ Stored XSS via Widgets vulnerability
Admin+ Stored XSS via Widgets vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP ULike versions < 4.7.5...
CVE-2022-27861
Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin = 4.7.5 versions...
baserCMS Code Issue Vulnerability
baserCMS is an Enterprise Content Management System CMS from the baserCMS team. A code issue vulnerability exists in versions of baserCMS prior to 4.7.5 that stems from the presence of a file upload vulnerability...
Rocket.Chat Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, which stems from allowing the "users.list" REST endpoint to fetch query parameters from JSON and run Users.findqueryFromClientSide, which can be exploited by an...
PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt +1
Name of the Vulnerable Software and Affected Versions: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57 Description: The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to...
CVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...
PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit
Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...
Vulnerabilities fixed in Red Hat OpenShift container platform
Red Hat has released version 4.7.5 of its OpenShift Container Platform. A malicious party could potentially exploit them to cause a denial-of-service or execute arbitrary code with root privileges. -= Red Hat =- Red Hat has made updates available for OpenShift Container Platform...
DEBIAN-CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...