2840 matches found
CVE-2025-48094 WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Magic Slider magicslider allows Reflected XSS.This issue affects Magic Slider: from n/a through = 2.2...
EUVD-2025-206323
EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...
CVE-2025-57786
CVE-2025-57786 is a post-authenticated, reflected XSS in MedDream PACS Premium 7.3.6.870, specifically in the Pacs/notifynewstudy.php script where the value of the user parameter is written into HTML output without sanitization. Talos details confirm the vulnerability can trigger arbitrary JavaSc...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003130)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003130 advisory. Linux Kernel version 3.18 to 4.16 incorrectly handles an SGIO ioctl on /dev/sg0 with dxferdirection=SGDXFERFROMDEV and an empty 6-byte cmdp. This may lead to copying...
PT-2026-4682
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Security Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Security Management System. The issue is due to command injection within the HTTP POST Request...
CVE-2023-50671
In exiftags 1.01, nikonprop1 in nikon.c has a heap-based buffer overflow write of size 28 because snprintf can write to an unexpected address...
CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address...
CVE-2023-49473
Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...
CVE-2021-33725
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory...
CVE-2021-22988
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed page...
CVE-2021-22982
On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development EoSD are not evaluated...
CVE-2016-10864
NETGEAR EX7000 V1.0.0.421.0.94 devices allow XSS via the SSID...
CVE-2019-11546
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge...
CVE-2019-11000
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure...
CVE-2019-11943
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11969
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-20777
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 July 2019...
CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
CVE-2019-20538
An issue was discovered on Samsung mobile devices with P9.0 software. There is a heap overflow in the knoxkap driver. The Samsung ID is SVE-2019-14857 November 2019...