2403 matches found
CVE-2025-31926
CVE-2025-31926: LambertGroup Sticky Radio Player for WordPress (vulnerable up to 3.4) suffers from an SQL Injection due to improper neutralization of input elements. According to the sources, the CVSS v3.1 base score is 8.5 (HIGH) with Network attack vector, LOW attack complexity, and LOW privileges ...
CVE-2025-31928
CVE-2025-31928 affects LambertGroup’s WordPress plugin Multimedia Responsive Carousel with Image Video Audio Support (versions
CVE-2025-48137
CVE-2025-48137 refers to a SQL Injection in the WordPress Interview plugin (Interview) affecting versions up to 1.01 due to improper neutralization of SQL elements. Public sources (NVD/PATCHSTACK/Red Hat/Circl/CVE lists) confirm the issue and its CVE coverage; exploitation details are not provid...
WordPress plugin UberSlider SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Apollo SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Sticky HTML5 Music Player SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-38896).
Summary: LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details: CVEID: CVE-2023-38896. DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input by the frommathprompt and...
CVE-2025-46786 Zoom Workplace Apps - Cross-site Scripting
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access...
CVE-2025-30664 Zoom Workplace Apps - Cross-site Scripting
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access...
Zoom Workplace injection vulnerability
Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of a special element, which could affect application integrity...
Zoom Workplace injection vulnerability
Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of special elements, which could lead to elevation of privilege...
PT-2025-21122
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. Description: The issue is related to an improper neutralization of special elements used in an OS command, which could result in arbitrary code execution in the context of the current...
CVE-2025-46749
CVE-2025-46749 is described across multiple feeds as an input/output sanitization issue that allows an authenticated user to inject scripting into fields, triggering client-side script execution. Connected sources reference Schweitzer Engineering Laboratories products (e.g., SEL-5033/SEL-5702/SEL...
CVE-2025-47616
CVE-2025-47616: Stored XSS in the WordPress plugin aBlocks (versions
CVE-2025-47595
CVE-2025-47595 describes a stored XSS in WordPress plugin Color Your Bar (affected: n/a through 2.0) caused by improper input neutralization during web page generation. The vulnerability is categorized as Cross-site Scripting with a CVSSv3.1 base score of 5.9 (Medium) and is labeled as network-ex...
CVE-2025-0667 BOINC Server Stored XSS Injection in pm.php
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: through 1.4.7...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. With certain uncommon rewrite rule configurations, specially crafted requests can bypass these rules, which allows an attacker to circumvent security constraints enforced by them...
The vulnerability of the vaultwarden password management service lies in the improper elimination of certain elements in the output data, allowing a hacker to execute arbitrary code.
The vulnerability of the vaultwarden password management service is related to incorrect neutralization of certain elements in the output data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Improper Neutralization
Overview: org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Neutralization in the RewriteValve class, which handles rewrite rules. If rewrite rules are configured to enforce security...