325 matches found
CVE-2026-33743
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
WordPress plugin Complianz 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Tour & Activity Operator Plugin for TourCMS 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Contact List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WP NG Weather 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Statamic 跨站脚本漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.14 and earlier, as well as 6.7.0 and earlier, had a cross-site scripting vulnerability. This...
EUVD-2026-12655
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
FileBrowser Quantum 跨站脚本漏洞
FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of context-aware escaping when rendering shared metadata fields, whic...
WordPress plugin DA Media GigList 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Gokapi 跨站脚本漏洞
Gokapi is a lightweight, self-hosted alternative to Firefox sending messages developed by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from malicious authenticated users uploading SVG files and creating hot links, which...
Calendar 跨站脚本漏洞
Calendar is an event management module developed by HumHub, offering a comprehensive solution for events within companies or organizations. Versions of Calendar prior to 1.8.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the existence of storage-type cross-site...
NocoDB 跨站脚本漏洞
NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred due to the lack of cleanup during...
WordPress plugin Blocksy 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin WP Accessibility 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager
Overview Credential storage vulnerability exists in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager CVE-2025-0976. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for th...
Mozilla Thunderbird < 148.0
The version of Thunderbird installed on the remote Windows host is prior to 148.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-16 advisory. - Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory...
WordPress plugin Cool Tag Cloud 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
LibreNMS 安全漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. There were security vulnerabilities in LibreNMS versions 24.10.0 to 26.1.1. These...
WordPress plugin salavat counter Plugin 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...