61 matches found

CNNVD
added 2025/12/04 12:0 a.m., 3 views

youlai-mall security vulnerability

youlai-mall is an open-source full-stack mall system from youlaitech. A security vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which stems from improper control of dynamically recognized variables in the file /mall-ums/app-api/v1/addresses...

CVSS 8.8, AI score 6.5, EPSS 0.00399
Exploits: 1, References: 7
Vulnrichment
added 2025/11/21 12:29 p.m., 1 view

CVE-2025-66084 WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentCommunity: from n/a through <= 2.0.0...

CVSS 4.3, AI score 6.6, EPSS 0.00153
Exploits: 0, References: 1
Vulnrichment
added 2025/11/18 4:56 p.m., 3 views

CVE-2025-12761 Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0...

AI score 5.5, EPSS 0.00148
Exploits: 0, References: 1
NVD
added 2025/11/13 9:15 a.m., 9 views

CVE-2025-12015

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...

CVSS 4.3, EPSS 0.00173
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/23 12:0 a.m., 8 views

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...

CVSS 7.5, AI score 6.3, EPSS 0.02164
Exploits: 1, References: 6
RedhatCVE
added 2025/10/15 9:54 a.m., 5 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

CVSS 8.3, AI score 7.4, EPSS 0.00288
Exploits: 0, References: 1
Vulnrichment
added 2025/09/27 12:51 a.m., 6 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVSS 8.6, AI score 6.5, EPSS 0.0035
Exploits: 0, References: 1
CNNVD
added 2025/09/26 12:0 a.m., 3 views

Vimesoft Messaging Platform security vulnerability

Vimesoft Messaging Platform is an enterprise instant messaging platform from the Turkish company Vimesoft. A security vulnerability exists in Vimesoft Messaging Platform version V1.3.0 up to and including version V2.0.0, which stems from the embedding of sensitive information in the sent data and...

CVSS 5.3, AI score 6.5, EPSS 0.00261
Exploits: 0, References: 1
Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38781

Name of the Vulnerable Software and Affected Versions: Double the Donation versions through 2.0.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in Double the Donation. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge...

CVSS 4.3, AI score 6.5, EPSS 0.00149
Exploits: 0, References: 3
RedhatCVE
added 2025/08/30 6:19 p.m., 4 views

CVE-2025-57814

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

CVSS 6.9, AI score 6.7, EPSS 0.00427
Exploits: 0, References: 1
OSV
added 2025/06/02 11:8 a.m., 20 views

CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVSS 4.8, AI score 6.2, EPSS 0.00117
Exploits: 0, References: 4
CVE
added 2025/06/02 11:3 a.m., 54 views

CVE-2025-48494

CVE-2025-48494 concerns Gokapi, a self-hosted file sharing server. The issue is a stored XSS vulnerability when using end-to-end encryption: uploading a file with a JavaScript payload in the filename, which is parsed when the upload list is opened. Before version 2.0.0, there was no user-permissi...

CVSS 5.4, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2025/05/05 12:0 a.m., 2 views

WSO2 API Manager security vulnerability

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager version 2.0.0 and prior versions, which stems from insufficient validation of XML inputs to the gateway component and could lead to XML external entity injecti...

CVSS 9.1, AI score 6.5, EPSS 0.01146
Exploits: 0, References: 2
CNNVD
added 2025/04/04 12:0 a.m., 5 views

RuoYi AI security vulnerability

RuoYi AI is a full-stack AI development platform for ageerle individual developers, designed to help developers rapidly build and deploy personalized AI applications. A security vulnerability exists in RuoYi AI version 2.0.0 and earlier, which stems from improper authorization in the...

CVSS 9.1, AI score 7.3, EPSS 0.00413
Exploits: 1, References: 8
Patchstack
added 2025/03/19 12:5 p.m., 2 views

WordPress Narnoo Operator plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Narnoo Operator versions <= 2.0.0...

CVSS 7.1, AI score 7.6, EPSS 0.0034
Exploits: 0, Affected Software: 1
CNNVD
added 2025/02/16 12:0 a.m., 3 views

ASUS RT-N12E code injection vulnerability

The ASUS RT-N12E is a wireless router from the Chinese company ASUS. A cross-site scripting vulnerability exists in ASUS RT-N12E version 2.0.0.19, which stems from the lack of effective filtering and escaping of user-supplied data in the SSID parameter of the sysinfo.asp file, which can be...

CVSS 4.8, AI score 6, EPSS 0.00418
Exploits: 0, References: 6
CNNVD
added 2025/01/09 12:0 a.m., 2 views

WordPress plugin Aklamator INfeed security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8, AI score 7.7, EPSS 0.00354
Exploits: 1, References: 1
OSSF Malicious Packages
added 2024/12/20 5:6 p.m., 2 views

Malicious code in grafana-report-panel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8623412527e3e107cf7a8046c236118472390191d5e456e969b6c628b3d708fa The OpenSSF Package Analysis project identified 'grafana-report-panel' @ 2.0.0 npm as malicious. It is considered malicious because: - The packa...

AI score 6.9
Exploits: 0
Positive Technologies
added 2024/08/28 12:0 a.m., 4 views

PT-2024-31240 · Unknown · Eq Enterprise Management System

Name of the Vulnerable Software and Affected Versions: EQ Enterprise Management System versions prior to v2.0.0 Description: An issue in EQ Enterprise Management System allows attackers to execute a directory traversal via crafted requests. This issue affects versions prior to v2.0.0...

CVSS 9.9, AI score 7.4, EPSS 0.01062
Exploits: 1, References: 10
Positive Technologies
added 2024/07/11 12:0 a.m., 2 views

PT-2025-7452 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x Description: The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality...

CVSS 6.8, AI score 7, EPSS 0.00303
Exploits: 0, References: 6