23 matches found
DeepL Chrome browser extension vulnerable to cross-site scripting
Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...
📄 ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...
📄 WP-Polls 2.73 Cross Site Scripting
A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...
Siemens TeleControl Server Basic
SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...
GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...
KLA84380 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, perform cross-site scripting attack, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1...
KLA81178 SB vulnerability in LibreOffice
Validation of untrusted input vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2025-1080: Macro URL arbitrary script execution Related products LibreOffice CVE list CVE-2025-1080 high Solution Update to...
SUSHIRO App for Android outputs sensitive information to the log file
Overview SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the...
Multiple vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...
Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...
Multiple Trend Micro products vulnerable to denial-of-service (DoS)
Overview Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. BlackWingCat of Pink Flying Whale reported this...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com Software Link:...
KLA11106 Multiple vulnerabilities in Apache Tomcat
Multiple serious vulnerabilities have been found in Apache Tomcat. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A vulnerability related to VirtualDirConte...
Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
Overview File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...
Research Artisan Lite vulnerable to cross-site scripting
Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Ruby on Rails library Paperclip vulnerable to cross-site scripting
Overview Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. MORI Shingo of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
KLA10453 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. These vulnerabilities can be exploited via a specially designed packet. Original advisories - Related products Wireshark CVE list CVE-2015-0564 warning...
KLA10028 ACE vulnerability in Adobe Illustrator
An unspecified vulnerability was found in Adobe Illustrator CS6. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network at a point related to an unspecified application. Original advisories Adobe bulletin Related products...
BeeCMS v3.4 后台验证绕过
/includes/fun.php 弱验证导致后台验证绕过 0 v3.4 更新到最新版本...
KLA10208 OSI vulnerability in IBM Security AppScan
Weak encryption algorithms were found in IBM Security AppScan. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely at a point related to SSL. Original advisories - Related products...