16 matches found

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

File Thingie security vulnerability

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from the improper handling of the function for creating folders from URLs. This vulnerability may lead to directory traversal attacks...

CVSS 4.3 | AI score 5.8 | EPSS 0.00093
Exploits 0 | References 2

Github Security Blog
added 2026/02/19 8:44 p.m. | 4 views

Pannellum has a XSS vulnerability in hot spot attributes

Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00028
Exploits 0 | References 4 | Affected Software 1

Circl
added 2026/01/20 8:4 a.m. | 2 views

CVE-2022-25732

creationtimestamp | type | source
---|---|---
2026-01-20 08:04:56+00:00 | seen | https://infosec.exchange/users/certvde/statuses/115926387351405846...

CVSS 8.2 | AI score 5 | EPSS 0.00297
Exploits 0 | References 1

RedhatCVE
added 2025/12/31 11:6 a.m. | 3 views

CVE-2025-69023

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Discussion Board: from n/a through <= 2.5.7...

CVSS 4.3 | AI score 7 | EPSS 0.0003
Exploits 0 | References 1

NVD
added 2025/12/30 11:16 a.m. | 1 views

CVE-2025-69023

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Discussion Board: from n/a through <= 2.5.7...

CVSS 4.3 | EPSS 0.0003
Exploits 0 | References 1

Positive Technologies
added 2025/12/18 12:0 a.m. | 2 views

PT-2025-52321

Name of the Vulnerable Software and Affected Versions: File Thingie version 2.5.7. Description: The software contains an authenticated file upload issue that enables remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip i...

CVSS 9.4 | AI score 7.5 | EPSS 0.00117
Exploits 1 | References 8

Positive Technologies
added 2025/11/28 12:0 a.m. | 3 views

PT-2025-48318

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin...

CVSS 4.1 | AI score 6.9 | EPSS 0.00041
Exploits 0 | References 3

RedhatCVE
added 2025/11/26 3:45 a.m. | 5 views

CVE-2025-10646

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the Base::getrestpermission method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access an...

CVSS 4.3 | AI score 5.6 | EPSS 0.00036
Exploits 0 | References 1

Vulnrichment
added 2025/11/25 3:27 a.m. | 2 views

CVE-2025-10646 Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the Base::getrestpermission method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access an...

CVSS 4.3 | AI score 5.3 | EPSS 0.00036
Exploits 0 | References 2

Patchstack
added 2025/09/09 11:5 p.m. | 5 views

WordPress Maspik plugin <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export vulnerability

Authenticated (Subscriber+) Missing Authorization to Spam Log Export vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Maspik – Spam blacklist versions <= 2.5.6...

CVSS 4.3 | AI score 6.7 | EPSS 0.00064
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/09/18 12:15 a.m. | 1 views

CVE-2024-43988

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS. This issue affects Mystique: from n/a through 2.5.7...

CVSS 5.4 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 1

Patchstack
added 2024/04/26 12:9 p.m. | 3 views

WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Radio Station versions <= 2.5.7...

CVSS 4.3 | AI score 7 | EPSS 0.002
Exploits 0 | Affected Software 1

SUSE CVE
added 2023/02/15 4:42 a.m. | 1 views

SUSE CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...

CVSS 8.8 | AI score 8.2 | EPSS 0.10885
Exploits 1 | References 4

Circl
added 2022/10/19 2:15 p.m. | 1 views

CVE-2022-25748

creationtimestamp | type | source
---|---|---
2022-10-19 14:15:23+00:00 | seen | https://t.me/cibsecurity/51765...

CVSS 9.8 | AI score 8 | EPSS 0.00399
Exploits 0 | References 1

OSV
added 2021/08/02 11:15 a.m. | 1 views

CVE-2021-37165

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead t...

CVSS 9.8 | AI score 7.8 | EPSS 0.04996
Exploits 0 | References 4

CNVD
added 2017/05/22 12:0 a.m. | 3 views

MODX Revolution Cross-Site Scripting Vulnerability (CNVD-2017-07468)

MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A cross-site scripting vulnerability exists in versions of MODX Revolution prior to 2.5.7. A remote...

CVSS 5.4 | AI score 5.4 | EPSS 0.00255
Exploits 1 | References 1