97 matches found
CVE-2025-0769 PixelYourSite 10.1.1.1 - Insecure deserialization
PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php...
CVE-2025-0769 PixelYourSite 10.1.1.1 - Insecure deserialization
PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php...
CVE-2025-0769
PixelYourSite – Your smart PIXEL (TAG) and API Manager plugin (WordPress) version 10.1.1.1 is affected by CVE-2025-0769 due to unvalidated user input being used directly in an unserialize call inside myapp/modules/facebook/facebook-server-sync-task.php. The vulnerability is described as an unauth...
PT-2025-9133 · Unknown · Pixelyoursite
Name of the Vulnerable Software and Affected Versions: PixelYourSite - Your smart PIXEL TAG and API Manager version 10.1.1.1 Description: The issue arises from unvalidated user input being used directly in an unserialize function. This occurs in the myapp/modules/facebook/facebook-server-a...
CVE-2025-0767
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...
CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...
CVE-2025-0767
CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...
CVE-2022-43971
An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware = 1.0.02 build3. The dosetNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar that stems from not validating user input...
AnythingLLM Input Validation Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. An input validation error vulnerability exists in AnythingLLM that stems from the application failing to properly validate user input before passing it to prisma functions and other critical operations...
Server side request forgery (ssrf)
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
Server side request forgery (ssrf)
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...
CVE-2023-40797
In Tenda AC23 v16.03.07.45cn, the sub4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability...
Pie Register < 3.7.2.4 - Open Redirect
The plugin passes unvalidated user input to the wpredirect function, without validating it, leading to an Open redirect issue PoC https://example.com/?piereglogouturl=trueto=https://wpscan.com...
Cross-site Scripting (XSS) - Reflected in vfleaking/uoj
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in andrewpaglusch/flashpaper
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in kasuganosoras/pigeon
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in mailcow/mailcow-dockerized
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
IBM API Connect Code Injection Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. a code injection vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability stems from unvalidated user input. An attacker could exploit the vulnerability to inject code...
CVE-2021-24327 SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads...