WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

WordPress PhastPress <1.111 - Open Redirect

WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24210 info: name: WordPress PhastPress 1.111 - Open...

CVE-2025-26483

CVE-2025-26483 affects Dell PowerFlex Manager (versions 4.6.2 and earlier). The issue is an Open Redirect vulnerability that can allow an unauthenticated attacker to redirect users to arbitrary URLs, enabling phishing that could lead to data disclosure. No exploit details are provided in the docu...

Dell PowerFlex Manager 输入验证错误漏洞

Dell PowerFlex Manager is a product of the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained a vulnerability related to input validation. This vulnerability stemmed from open redirection, allowing unauthenticated attackers to redirect target application users to...

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

Microsoft Edge 跨站脚本漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. Microsoft Edge has a cross-site scripting vulnerability. Attackers use this vulnerability to carry out phishing attacks...

Your iPhone Gets Stolen. Then the Hacking Begins

A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more...

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

Microsoft Teams 安全漏洞

Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a security vulnerability in Microsoft Teams. Attackers have exploited this vulnerability to carry out phishing attacks...

Microsoft Azure Machine Learning 注入漏洞

Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. There is an injection vulnerability present in Microsoft Azure Machine Learning. Attackers utilize this vulnerability to carry out phishing attacks...

Microsoft M365 Copilot 访问控制错误漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

Microsoft Edge for Android 安全漏洞

Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There are security vulnerabilities in Microsoft Edge for Android. Attackers use these vulnerabilities to carry out phishing attacks...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There are security vulnerabilities in Microsoft Edge. Attackers use these vulnerabilities to carry out phishing attacks...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There are security vulnerabilities in Microsoft Edge. Attackers use these vulnerabilities to carry out phishing attacks...

EUVD-2021-34781

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the trainerlogin function. An attacker can redirect a user's browser to an external, attacker-controlled URL by supplying a crafted next parameter, potentially exposing sensitive information such as the original URL...

CVE-2026-7429 SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

PT-2026-36171

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...