2402 matches found
CVE-2025-36580
Dell Wyse Management Suite (WMS) before version 5.2 is affected by CVE-2025-36580 due to improper input neutralization during web page generation, enabling cross-site scripting. The vulnerability affects WMS when handling web requests from remote attackers with high privileges; exploitation could...
PandoraFMS ITSM security vulnerability
PandoraFMS ITSM is a desktop help software from ESPPandoraFMS, Inc. A security vulnerability exists in PandoraFMS ITSM version 5.0.105, which stems from improper neutralization of the special elements of the chromiumpath variable, and could lead to OS command injection...
CVE-2025-32305 WordPress FlatNews theme <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS. This issue affects WordPress FlatNews Theme: from n/a through <= 5.8...
CVE-2025-35005
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argumen...
CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh in the sync_time argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-30928
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vicchi WP Biographia wp-biographia allows Stored XSS. This issue affects WP Biographia: from n/a through <= 4.0.0...
CVE-2025-49326
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through <= 7.4.5...
CVE-2025-3322
CVE-2025-3322 describes improper neutralization of inputs used in an expression language that enables remote code execution with the highest privileges. Connected documents indicate the vulnerability is associated with B. Braun onlinesuite (OnlineSuite); a separate PT Security entry references Ap...
WordPress plugin WP Post Corrector SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2025-23393
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on users' machines. This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...
SUSE Manager Server security vulnerability
SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server versions prior to 5.0 that stems from improper neutralization and could lead to...
CVE-2025-46515 WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Category Widget category-widget allows Reflected XSS. This issue affects Category Widget: from n/a through <= 2.0.2...
CVE-2025-47599
CVE-2025-47599: WordPress Facturante plugin
CVE-2025-47680 WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06...
CVE-2025-22822
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bishawjit-das wp custom countdown wp-custom-countdown allows Stored XSS. This issue affects wp custom countdown: from n/a through <= 2.8...
CVE-2025-22550
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS. This issue affects AddFunc Mobile Detect: from n/a through <= 3.1...
CVE-2025-22524
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in formafzar فرم ساز فرم افزار formafzar allows Stored XSS. This issue affects فرم ساز فرم افزار: from n/a through <= 2.0...
CVE-2024-43224
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.27...
CVE-2024-43225
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.7...