1451 matches found
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...
GHSA-9JFM-9RC6-2HFQ Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Summary The Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddleware reflects the requesting Origin header value in the Access-Control-Allow-Origin...
WordPress Plugin Flexmls IDX 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Unsafe Reflection
Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Unsafe Reflection via the Referrer-Policy header handled by RefererMiddleware. An attacker can execute...
📄 Microsoft Windows 11 SMB Local Privilege Escalation
Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...
MirrorDrift: Actuated Mirror-Based Attacks on LiDAR SLAM
LiDAR SLAM provides high-accuracy localization but is fragile to point-cloud corruption because scan matching assumes geometric consistency. Prior physical attacks on LiDAR SLAM largely rely on LiDAR spoofing via external signal injection, which requires sensor-specific timing knowledge and is...
SiYuan 跨站脚本漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the SVG cleaner’s inability to properly check the javascript: prefix in href attributes, allowi...
groupoffice 跨站脚本漏洞
GroupOffice is an open-source groupware and CRM developed by Intermesh. Versions of GroupOffice prior to 6.8.155, 25.0.88, and 26.0.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the POST field in the installation script install/license.php, where the field was...
SiYuan 跨站脚本漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the dynamic icon API endpoint not properly escaping the content controlled by attackers, which...
WordPress plugin Gecko 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
WordPress plugin MediCenter 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
WordPress plugin LambertGroup - AllInOne - Banner with Playlist 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Thecs 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin DeepDigital 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Agrofood 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin UberSlider PerpetuumMobile 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
WordPress plugin TheBi 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin rh-frontend 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Dokuzsoft E-Commerce Product 跨站脚本漏洞
Dokuzsoft E-Commerce Product is an e-commerce system developed by the Turkish company Dokuzsoft. Versions of Dokuzsoft E-Commerce Product from January 1, 2025, and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation,...
PuneethReddyHC Event Management 安全漏洞
PuneethReddyHCP Event Management is an application developed by Puneeth Reddy H C as a personal developer. It helps users register for events held during university festivals in a simple and secure manner. Version 1.0 of PuneethReddyHCP Event Management contains a security vulnerability. This...