327 matches found
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
PYSEC-2026-1259 CodeChecker open redirect when URL contains multiple slashes after the product name
Summary --- CodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment. This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway. Detai...
EUVD-2026-41792
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...
CVE-2026-14777
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...
EUVD-2026-41733
A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...
PT-2026-55773
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the Registration Endpoint within the register.php file. A remote attacker can manipulate the role argument to cause improper privilege...
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2026-5836
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
PT-2026-45707
Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...
CVE-2026-9377
SourceCodester SUP Online Shopping 1.0 contains a cross-site scripting (XSS) vulnerability in the admin/productedit.php file. The vulnerability is triggered by manipulating the productName argument, enabling remote attack. The description indicates an exploitable issue with the productedit.php fu...
EUVD-2026-31589
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
SourceCodester SUP Online Shopping 代码注入漏洞
SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a code injection vulnerability. This vulnerability arises from improper handling of the productName parameter in the file...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021613 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting b...
eip-mcp
Exploit Intel Platform MCP Server Package/command: eip-mcp...
PT-2026-41729
Name of the Vulnerable Software and Affected Versions russh versions prior to 0.58.0 russh versions 0.60.x Description An issue exists in the CryptoVec component involving unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In versions prior to 0.58.0,...
EUVD-2026-26742
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
CVE-2026-5110
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
PT-2026-36576
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
CVE-2026-31778
A flaw was found in the Linux kernel's ALSA caiaq driver. A local user with a specially crafted USB device, containing a product name with many non-ASCII or non-space characters, can trigger a stack out-of-bounds read. This vulnerability allows the system to read past the end of a stack buffer,...