6712 matches found
WordPress All in One Time Clock Lite plugin cross-site scripting vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...
CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...
CVE-2025-55006
CVE-2025-55006 affects Frappe LMS 2.34.x/2.35.0. The issue stems from an incomplete fix for CVE-2025-55006, enabling cross-site scripting via manipulated input. Remote exploitation is described as possible; an exploit has been made public per connected sources. A remediation is to upgrade to a ve...
CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...
Frappe Learning 输入验证错误漏洞
Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An input validation error vulnerability exists in Frappe Learning version 2.33.0 and earlier, which stems from insufficient cleanup of uploaded SVG files and could lead to the execution of arbitrary...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
Important: git
Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...
CVE-2025-51629
A cross-site scripting XSS vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
CVE-2025-22470
CVE-2025-22470 affects SATO CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with firmware versions prior to 1.15.5-r1. The vulnerability arises from the ability to upload crafted dangerous files, enabling an arbitrary Lua script to execute on the target system with root privileges. Public reference...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Overview Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-22469 Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-22470 MASAHIRO IIDA of LAC Co., Ltd...
Linux Distros Unpatched Vulnerability : CVE-2022-29911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user- activation could lead to script execution without allow-scripts being...
CLSA-2025-1754413251 git: Fix of 2 CVEs
CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...
CLSA-2025-1754413156 git: Fix of 2 CVEs
CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...
Exploit for Improper Neutralization in Alinto Sogo
CVE-2022-4556 - Stored XSS in SOGo Webmail v5.7.1 🧠 Summ...
WordPress plugin WP Easy Contact 跨站脚本漏洞
WordPress WP Easy Contact plugin is mainly used for website message function management, support users to submit messages and send them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...