1694 matches found
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
PT-2026-4457
Name of the Vulnerable Software and Affected Versions LogicHunt Logo Slider versions through 4.9.0 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious...
WordPress plugin Logo Slider has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
TMS Management Console security vulnerabilities
TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Logo upload function in the /Customer/AddEdit section, which has a file upload...
CVE-2025-69828
CVE-2025-69828 affects TMS Global Software TMS Management Console v6.3.7.27386.20250818. A file upload vulnerability in the Logo upload endpoint at /Customer/AddEdit allows remote code execution. Technical details indicate high-impact, network-exposed access with no privileges required and no use...
PT-2026-3956
Name of the Vulnerable Software and Affected Versions TMS Global Software TMS Management Console version 6.3.7.27386.20250818 Description A file upload issue exists in TMS Global Software TMS Management Console version 6.3.7.27386.20250818. A remote attacker can potentially execute arbitrary code...
PT-2026-4142
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through = 2.8...
CVE-2025-69828
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit...
CVE-2025-41084
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
pcs security update
0.10.18-2.0.1.el810.8 - Replaced HAM-logo 0.10.18 - Debrand PCS 0.10.18-2.el810.8 - Fixed CVE-2025-67725, CVE-2025-67726 by patching bundled Tornado Resolves: RHEL-136415, RHEL-136420...
CVE-2025-41084
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
CVE-2025-41084
CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...
CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
PT-2026-3547
Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
WordPress Logo Slider plugin <= 4.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Logo Slider versions = 4.9.0...