76 matches found
ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root
Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-56060
The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce . Affected: WooCommerce plugin versions up to and including 7.1.1 . Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...
CVE-2026-39335 ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
CVE-2026-39335
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
PT-2026-30948
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
CVE-2026-22352
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...
CVE-2026-22352 WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...
Linux Distros Unpatched Vulnerability : CVE-2025-64775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-core Dependency Vulnerability in Crowd Data Center and Server
This High severity Improper Authorization vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker...
Linux Distros Unpatched Vulnerability : CVE-2017-0474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da...
Linux Distros Unpatched Vulnerability : CVE-2017-0405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and...
Google Android 安全漏洞
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Framework of Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, which can be exploited by an attacker to elevate privileges...
DesDev DedeCMS 代码问题漏洞
DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. A code issue vulnerability exists in DesDev...
CVE-2024-34245
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...
PT-2024-27184 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8 Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...
PT-2023-27681 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the "/dede/vote add.php" API endpoint via the votename and voteitem1...
Fortinet FortiADC 路径遍历漏洞
Fortinet FortiADC is an application delivery controller from Fortinet. A security vulnerability exists in FortiADC version 7.2.0 and versions prior to 7.1.1 that stems from the presence of a relative path traversal, which allows a privileged attacker to remove arbitrary directories from the...
Enc Security Enc DataVault 数据伪造问题漏洞
Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turn any Usb drive into a secure removable disk for important files. ENC DataVault suffers from an encryption issue vulnerability that stems from ENC DataVault 7.1.1W using an incorrect encryption algorithm, which can b...
CVE-2020-29165
PacsOne Server PACS Server In One Box below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges...
Micro Focus ArcSight Logger Cross-Site Scripting Vulnerability (CNVD-2020-65165)
ArcSight Logger is a log management solution optimized for extremely high event throughput, efficient long-term storage and fast data analysis. A cross-site scripting vulnerability exists in Micro Focus ArcSight Logger versions prior to 7.1.1. Detailed vulnerability details are not available at...