4321 matches found
PT-2025-26915 · WordPress · Event Rsvp/Simple Event Management Plugin
Name of the Vulnerable Software and Affected Versions: The Event RSVP and Simple Event Management Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in...
PT-2025-28077 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue has been found in the Belkin F9K1122, affecting the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection...
PT-2025-26687 · Unknown · Sysmonelixir
Name of the Vulnerable Software and Affected Versions: SysmonElixir versions prior to 1.0.1 Description: The issue concerns SysmonElixir, a system monitor HTTP service in Elixir. Prior to version 1.0.1, the "/read" endpoint reads any file from the server's file system, including sensitive files...
PT-2025-26571 · Sparklemotion +1 · Nokogiri +1
Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7 Description: A vulnerability was found in sparklemotion nokogiri, affecting the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer...
PT-2025-26532 · Code Projects · Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: Simple Online Hotel Reservation System version 1.0 Description: A critical vulnerability was found in the Simple Online Hotel Reservation System. The issue is related to SQL injection, which can be triggered by manipulating the Username or...
PT-2025-26220
Name of the Vulnerable Software and Affected Versions: jq version 1.8.0 Description: A heap use after free issue exists within the function f_strflocaltime of /src/builtin.c. This is a problem in a command-line JSON processor. Recommendations: For version 1.8.0, consider restricting access to the f...
CVE-2025-6070
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server...
PT-2025-25483 · WordPress · Restrict File Access
Name of the Vulnerable Software and Affected Versions: Restrict File Access plugin for WordPress versions up to, and including, 1.1.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can conta...
WordPress plugin Restrict File Access path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2025-25153 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
PT-2025-25105 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
PT-2025-24413 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread version 5.1.0 Description: A critical issue has been found in the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index...
PT-2025-23902 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A vulnerability has been found in the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to...
SUSE CVE-2025-2570
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...
PT-2025-22933 · Assimp +1 · Assimp +1
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library (Assimp) version 5.4.3 Description: A vulnerability was found in the Open Asset Import Library (Assimp). It has been rated as problematic and affects the SkipSpaces function in the library...
PT-2025-22898 · Tcman · Tcman's Gim
Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue concerns time-based blind SQL injection vulnerabilities. These vulnerabilities allow an attacker to retrieve, create, update, and delete databases through the ArbolID parameter in the...
PT-2025-22826 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions prior to 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button widget due to insufficient input sanitization an...
CVE-2025-24610
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Christian Leuenberg Restrict Anonymous Access restrict-anonymous-access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through <= 1.2...
CVE-2024-31432
Missing Authorization vulnerability in StellarWP Restrict Content. This issue affects Restrict Content: from n/a through 3.2.8...
CVE-2024-0682
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...