1251 matches found
TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞
TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...
CVE-2025-3859 Firefox Focus elide URL allows address bar spoofing
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138...
CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...
CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys
Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...
CVE-2024-45198
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...
CVE-2024-45199
CVE-2024-45199 - summary from provided documents : The issue affects insightsoftware Hive JDBC driver up to version 2.6.13. A remote code execution vulnerability arises when attackers inject malicious parameters into the JDBC URL, triggering a JNDI injection during the connection process with the...
CVE-2025-30067 Apache Kylin: The remote code execution via jdbc url
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
Important: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...
Updated libreoffice packages fix security vulnerability
Macro URL arbitrary script execution. CVE-2025-1080...
Important: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVE-2025-25908
CVE-2025-25908 affects tianti v2.3 with a stored XSS in the coverImageURL parameter at /article/ajax/save. Root cause: unsanitized input in the coverImageURL field leading to arbitrary web scripts/HTML execution. Impact: potential exposure of user data due to crafted payloads; CVSS 3.1 base score...
CVE-2025-27662
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005...
CVE-2025-27426 Firefox Mobile iOS Full Address Bar Spoof Using Server-Side Redirect to internal error page
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136...
CVE-2022-2216
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2900
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
ROS-20250117-05
A vulnerability in the URL Handler component of the Tornado asynchronous networking library is related to URL redirection to an untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely redirect a user to an arbitrary website and conduct a phishing attack...
CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to...
CVE-2024-12153 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...