754 matches found
CVE-2024-51224
Multiple cross-site scripting XSS vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype,...
Pixarra Tree Studio 安全漏洞
Pixarra Tree Studio is a tool developed by the American company Pixarra, focused on capturing natural growth and plant morphology. Version 2.17 of Pixarra Tree Studio contains a security vulnerability, which stems from the improper data input via the keyboard interface. This vulnerability could...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name CVE-2023-54207 In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd...
CVE-2026-2266
CVE-2026-2266 : In GitHub Enterprise Server, there is a DOM-based cross-site scripting vulnerability caused by improper neutralization of input in the task list content rendering. Authenticated users can craft malicious task list items in issues or pull requests to inject user-supplied HTML and e...
Twake 安全漏洞
Twake is a secure open-source collaboration platform developed by LINAGORA, designed to improve organizational productivity. Version Twake 2023.Q1.1223 contains a security vulnerability, which stems from improper input during web page generation. This vulnerability could allow attackers to execut...
Bird-lg-go 安全漏洞
Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of attacker-controlled input in Custom RSE Attribute. An attacker can execute arbitrary JavaScript in the context of the WebUI by injecting malicious payloads that are stored and later rendered...
Incomplete List of Disallowed Inputs
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Incomplete List of Disallowed Inputs
Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Chromium: CVE-2026-2320 Inappropriate implementation in File input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...
KLA90894 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability can be exploited to...
PT-2026-7938
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...
KLA90880 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...
Drupal AT Internet SmartTag 安全漏洞
Drupal AT Internet SmartTag is a data analysis integration module developed by the Drupal company. Versions of Drupal AT Internet SmartTag prior to 1.0.1 contained security vulnerabilities, which were caused by improper input during web page generation. These vulnerabilities could lead to...
CVE-2021-47918
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
WordPress plugin BlockArt Blocks has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-68041
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through = 1.3.65...
CVE-2025-68520 WordPress DotLife theme < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through 4.9.5...
CVE-2025-67959
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through = 4.1.07...