240 matches found

Cvelist · added 2025/07/17 1:47 p.m.

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1 · EPSS 0.00464
Exploits: 0 · References: 2
CNNVD · added 2025/07/08 12:00 a.m.

WordPress plugin Widget for Google Reviews Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security...

CVSS 8.8 · AI score 6.9 · EPSS 0.00785
Exploits: 0 · References: 2
RedhatCVE · added 2025/05/23 9:21 a.m.

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows an unauthenticated attacker to execute arbitrary code on the server by saving attacker-crafted PHP code into one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVSS 9.8 · AI score 8.4 · EPSS 0.01126
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/23 9:19 a.m.

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows an unauthenticated attacker to upload any file to the server, including a PHP code file. This issue affects MegaBIP software versions through 5.10...

CVSS 9.8 · AI score 7.3 · EPSS 0.00689
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/23 4:05 a.m.

CVE-2023-37908

XWiki Rendering is a generic rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code, and thus cross-site scripting, via invalid attribute...

CVSS 9.6 · AI score 6.7 · EPSS 0.01058
Exploits: 1 · References: 1
RedhatCVE · added 2025/05/23 3:01 a.m.

CVE-2023-1716

Cross-site scripting (XSS) vulnerability in the Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly to execute arbitrary PHP code on the server if the victim has administrator privileges...

CVSS 9.6 · AI score 6.7 · EPSS 0.00715
Exploits: 1 · References: 1
RedhatCVE · added 2025/05/22 3:12 p.m.

CVE-2020-12736

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

CVSS 7.2 · AI score 7.6 · EPSS 0.02029
Exploits: 0
CNNVD · added 2025/05/21 12:00 a.m.

Vtiger CRM Open Source Edition Security Vulnerability

Vtiger CRM Open Source Edition is customer relationship management software from Vtiger, Inc. A security vulnerability exists in Vtiger CRM Open Source Edition version v8.3.0; it originates in the ZIP import feature and could lead to the execution of arbitrary PHP code...

CVSS 7.2 · AI score 6.9 · EPSS 0.00383
Exploits: 0 · References: 1
Vulnrichment · added 2024/11/06 7:18 p.m.

CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

CVSS 9.3 · AI score 7 · EPSS 0.00741
Exploits: 0 · References: 6
Cvelist · added 2024/11/06 7:18 p.m.

CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

CVSS 9.3 · EPSS 0.00741
Exploits: 0 · References: 6
Github Security Blog · added 2024/11/06 3:27 p.m.

happy-dom allows for server side code to be executed by a <script> tag

Impact: Consumers of the NPM package happy-dom. Patches: The security vulnerability has been patched in v15.10.2. Workarounds: No easy workarounds to my knowledge. References: 1585...

CVSS 9.3 · AI score 6.8 · EPSS 0.00741
Exploits: 0 · References: 8 · Affected Software: 1
OSV · added 2024/11/06 3:27 p.m.

GHSA-96G7-G7G9-JXW8 happy-dom allows for server side code to be executed by a <script> tag

Impact: Consumers of the NPM package happy-dom. Patches: The security vulnerability has been patched in v15.10.2. Workarounds: No easy workarounds to my knowledge. References: 1585...

CVSS 9.3 · AI score 6.2 · EPSS 0.00741
Exploits: 0 · References: 8
OSV · added 2024/09/26 11:15 a.m.

CVE-2024-8704

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...

CVSS 7.2 · AI score 6.3 · EPSS 0.00855
Exploits: 0 · References: 3
CNNVD · added 2024/09/09 12:00 a.m.

AutoCMS Security Vulnerability

AutoCMS is a Content Management System (CMS) from AutoCMS Open Source. It helps dealerships manage their website content, online advertising, social media and analytics. A security vulnerability exists in AutoCMS version 5.4, which stems from a PHP code injection vulnerability in the txtsiteurl...

CVSS 7.2 · AI score 7.9 · EPSS 0.00568
Exploits: 1 · References: 2
CNNVD · added 2024/08/23 12:00 a.m.

SPIP Security Vulnerability

SPIP is free software from the SPIP open source project for building Internet sites. An arbitrary code execution vulnerability exists in SPIP: a remote, unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HT...

CVSS 9.8 · AI score 7.8 · EPSS 0.89783
Exploits: 10 · References: 4
CNNVD · added 2024/07/25 12:00 a.m.

WordPress plugin LearnPress Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability...

CVSS 8.8 · AI score 6.5 · EPSS 0.00814
Exploits: 0 · References: 5
OSV · added 2024/07/18 6:15 a.m.

CVE-2024-6164

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the postlayout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 · AI score 6
Exploits: 0 · References: 1
OSV · added 2024/07/17 7:15 a.m.

CVE-2024-6467

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

CVSS 8.8 · AI score 6.3
Exploits: 0 · References: 2
ATTACKERKB · added 2024/06/21 4:15 a.m.

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 8.8 · AI score 6.5 · EPSS 0.00619
Exploits: 0 · References: 3
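The three Local File Inclusion entries above (CVE-2024-6164 via the postlayout parameter, CVE-2024-8704 via fmalocale, CVE-2024-5455 via magazinestyle) share one shape: a request parameter selects which PHP file gets included, so whatever the attacker can name on disk (a traversal path, an uploaded file, a log) is executed as PHP. The snippet below is an added illustration and is not code from any of the listed plugins; the layout names, the layouts/ directory and the request handling are assumed for the example, and only the postlayout parameter name is taken from the CVE-2024-6164 entry. It places the vulnerable include pattern beside an allowlist-based hardened form.

```php
<?php
// Added illustration (not code from any plugin in the listing above).
// Shape behind the LFI entries: a request parameter picks the PHP file
// that include/require loads.
declare(strict_types=1);

// VULNERABLE: the raw parameter is concatenated into the include path.
// A value like "../../../../tmp/evil" (or a php:// / data: wrapper where
// allow_url_include permits it) is pulled in and run as the web server user.
function render_layout_vulnerable(string $layout): void
{
    include __DIR__ . '/layouts/' . $layout . '.php';
}

// HARDENED: user input is only ever a *key* into a fixed allowlist and
// never becomes part of a filesystem path. Layout names are assumed.
const LAYOUT_FILES = [
    'grid'    => 'grid.php',
    'list'    => 'list.php',
    'masonry' => 'masonry.php',
];

// Returns the absolute path of an allowlisted layout, or null if the
// requested name is not in the allowlist (traversal sequences, null
// bytes and wrapper prefixes simply never match a key).
function resolve_layout(string $layout): ?string
{
    if (!array_key_exists($layout, LAYOUT_FILES)) {
        return null;
    }
    $base = realpath(__DIR__ . '/layouts');
    $path = realpath(__DIR__ . '/layouts/' . LAYOUT_FILES[$layout]);
    // Defence in depth: the resolved file must still sit under layouts/.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_layout_hardened(string $layout): void
{
    $path = resolve_layout($layout);
    if ($path === null) {
        http_response_code(400);
        echo 'unknown layout';
        return;
    }
    include $path;
}

// Assumed entry point; parameter name from the CVE-2024-6164 entry.
$layout = isset($_GET['postlayout']) ? (string) $_GET['postlayout'] : 'grid';
render_layout_hardened($layout);
```

The allowlist is the actual fix; the realpath prefix check only guards against a mistake in the allowlist itself (for example a symlink placed under layouts/). In a WordPress plugin the same resolver would also sit behind the appropriate capability check, since two of the three entries require only Contributor-level or Administrator-level access rather than none, and the privilege bar should be explicit rather than incidental.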
CNNVD · added 2024/06/20 12:00 a.m.

WordPress Plugin Custom Field Suite Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability exists in...

CVSS 8.8 · AI score 7.4 · EPSS 0.0063
Exploits: 0 · References: 5