345 matches found
Unspecified Vulnerability in Emby MediaBrowser (CNVD-2025-19598)
Emby MediaBrowser is a media server software from Emby. A security vulnerability exists in Emby MediaBrowser, which can be exploited by an attacker to bypass authorization via a user-controlled key...
WordPress plugin Motors Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Emby MediaBrowser Security Vulnerability
Emby MediaBrowser is a media server software from Emby. A security vulnerability exists in Emby MediaBrowser, which can be exploited by an attacker to bypass authorization via a user-controlled key...
Composer: Multiple Vulnerabilities
Background: Composer is a dependency manager for the PHP programming language. Description: Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on...
Akbim Online Exam Registration Security Vulnerability
Akbim Online Exam Registration is an online exam registration system from Akbim Turkey. A security vulnerability exists in Akbim Online Exam Registration prior to version 14.03.2025, which stems from authorization bypass through a user-controlled key and could lead to the exploitation of trusted...
PAVO Pay Security Vulnerability
PAVO Pay is a mobile payment management platform from PAVO Turkey. A security vulnerability exists in PAVO Pay versions prior to 13.05.2025, which stems from authorization bypass through a user-controlled key and could lead to the exploitation of trusted identifiers...
Turtek Eyotek Security Vulnerability
Turtek Eyotek is a cloud-based educational institution management system from Turtek Turkey. A security vulnerability exists in Turtek Eyotek versions prior to 23.06.2025, which stems from authorization bypass through a user-controlled key and could lead to the exploitation of trusted identifiers...
Turpak Automatic Station Monitoring System Security Vulnerability
Turpak Automatic Station Monitoring System is an automated gas station monitoring system from Turpak. A security vulnerability exists in Turpak Automatic Station Monitoring System versions prior to 5.0.6.51, which stems from authorization bypass through a user-controlled key and may result in...
Vidco VOC TESTER Security Vulnerability
Vidco VOC TESTER is a process management software from Vidco. A security vulnerability exists in Vidco VOC TESTER versions prior to 12.41.0 that stems from a user-controlled key leading to an authorization bypass...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
WordPress plugin Download Attachments Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Download Attachments plugin that stems from a user-controlled key leading to an authorization bypass; no details of...
CVE-2025-49192
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of...
CVE-2024-47758
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...
CVE-2023-28467
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...
CVE-2023-0104
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data...
CVE-2021-21813
Within the function HandleFileArg, the argument filepattern is under control of the user, who passes it in from the command line. filepattern is passed directly to memcpy, copying the path provided by the user into a statically sized buffer without any length checks, resulting in a stack-buffer overflo...
CVE-2019-10789
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization...
CVE-2017-8899
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
WordPress plugin WP JobHunt Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...