30 matches found
PT-2026-31546
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.2 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description: GitLab EE versions are susceptible to a flaw in customizable analytics dashboards. An authenticated user could potentially execute arbitrary...
Lantronix EDS5000 Security Vulnerability
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 version 2.1.0.0R3 contains a security vulnerability. This vulnerability stems from insufficient sanitization of input parameters on the SSH Client and SSH Server pages, which may...
CVE-2024-2845
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.2 due to insufficient input...
EUVD-2024-34031
Malicious code in bioql PyPI...
EUVD-2023-57958
Malicious code in bioql PyPI...
EUVD-2024-17244
Malicious code in bioql PyPI...
PT-2025-30551 · Iotgen · Iotgen
Name of the Vulnerable Software and Affected Versions: Apache IoT affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerabl...
CVE-2024-5708
The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...
CVE-2024-0691
The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...
CVE-2024-6634
The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-3670
The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-12626
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-searchfieldvalue’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitizatio...
CVE-2024-12851
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customattributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to...
A vulnerability in the built-in software of NETGEAR routers such as RBS50Y, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, RBK20, RBK40, RBK50 stems from a lack of input data sanitization. This allows a hacker to execute arbitrary commands.
A vulnerability in the embedded software of NETGEAR RBS50Y, RBR20, RBR40, RBR50, RBS20, RBS40, RBS50, RBK20, RBK40, and RBK50 routers stems from a lack of input data sanitization. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
A vulnerability in the built-in software of NETGEAR R7000, R6900P, and R7000P routers stems from a lack of input data sanitization, allowing attackers to execute arbitrary commands.
A vulnerability in the embedded software of NETGEAR R7000, R6900P, and R7000P routers stems from a lack of sanitization of incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
A vulnerability in NETGEAR Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient sanitization of input data. This allows attackers to execute arbitrary commands.
A vulnerability in the built-in software of NETGEAR CBR750, RBK852, RBR850, and RBS850 Wi-Fi routers is related to insufficient sanitization of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
A vulnerability in the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.
A vulnerability in the dbman service of the HPE Intelligent Management Center PLAT software platform is related to a lack of input data sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2017-12263
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP...
DVFolderContent Module 'download.php' local file inclusion vulnerability in Joomla!
Joomla! is an open source content management system (CMS). A local file inclusion vulnerability exists in the Joomla! DVFolderContent Module 'download.php' due to a failure to adequately sanitize user input data. An attacker could exploit this vulnerability to obtain sensitive information or execute...