15 matches found
EUVD-2026-39743
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2025-69001
Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...
CVE-2025-69001
Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...
WordPress plugin FluentForm has a code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2025-9571
A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...
CVE-2025-67569
Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through = 6.0.11...
CVE-2025-66421
Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...
CVE-2025-10095
CVE-2025-10095 affects the SMSEagle firmware in the SMPP server component. The issue arises from improper sanitization of user input in the SMPP server scripts during database interactions, and is limited to the SMPP server’s dedicated database. The vulnerability’s impact is described as a SQL in...
Linux Distros Unpatched Vulnerability : CVE-2022-47520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless...
CVE-2019-19041
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...
UBUNTU-CVE-2022-47519
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTROPERCHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frame...
CVE-2022-3035
Cross-site Scripting XSS - Stored in GitHub repository snipe/snipe-it prior to v6.0.11...
CVE-2020-14516
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly...
CVE-2017-14000
An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the application without authenticating...