PT-2026-32545

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incomplete mitigation allows for a bypass when a URL contains the string "%action". For certain browser types, this can lead to command injection into the...

CVE-2025-27924

Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action...

CVE-2024-2343

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)

Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...