122 matches found
CVE-2025-9169 SolidInvoice Quote quotes cross site scripting
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...
Apache Seata 安全漏洞
Apache Seata is an open source project from the Apache USA Foundation that provides high-performance and easy-to-use distributed transactional services in a microservices architecture. A security vulnerability exists in Apache Seata version 2.4.0, which stems from deserializing untrustworthy data...
CVE-2022-40970
creationtimestamp| type| source ---|---|--- 2025-05-28 20:19:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqazn5vm7w2w...
CVE-2024-56236
Missing Authorization vulnerability in Juniper Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through = 2.4.0...
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass
Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...
WordPress Podčlánková inzerce plugin <= 2.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Podčlánková inzerce versions = 2.4.0...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408 that originates from allowing visitors to send emails that may contain unfiltered HTML tags under certain circumstances...
WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by thiennv in WordPress Plugin picu versions = 2.4.0...
PT-2024-16627 · WordPress · The Counter Up – Animated Number Counter & Milestone Showcase
Name of the Vulnerable Software and Affected Versions: The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress versions up to, and including, 2.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode due to...
PT-2024-33002 · Butterfly Effect Limited · Monica Chatgpt Ai Assistant
Name of the Vulnerable Software and Affected Versions: Butterfly Effect Limited Monica ChatGPT AI Assistant version 2.4.0 Description: A prompt injection issue in the chatbox allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via ...
PT-2024-31454 · Za Internet · Za-Internet C-Mor Video Surveillance
Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance version 5.2401 Description: An issue was discovered due to improper or missing access control, allowing low privileged users to use administrative functions of the C-MOR web interface. Although different...
Exploit for Code Injection in Rejetto Http_File_Server
An unauth SSTI in the Rejetto HTTP File Server HFS. Original...
CVE-2024-32056
A vulnerability has been identified in Simcenter Femap All versions V2406. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current proce...
PT-2024-4862 · Siemens · Simcenter Femap
Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to V2406 Description: The issue is related to an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the conte...
VulnCheck KEV: CVE-2024-4455
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the item parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-33577
A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current...
PT-2024-3682 · Siemens · Simcenter Femap
Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to V2406 Description: A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds read past the end of an allocated structure...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...
CVE-2023-49168
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo...