1395 matches found
CVE-2025-12588
The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...
PT-2025-46333
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'...
WordPress plugin USB Qr Code Scanner For Woocommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
VulnCheck KEV: CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
PT-2025-46154
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2025.3.104432 Description The issue concerns missing TLS certificate validation in JetBrains YouTrack. This lack of validation disables proper verification of server certificates when establishing TLS...
EUVD-2025-38370
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcontactattributeimport function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
EUVD-2025-38261
AstrBot has an arbitrary file read vulnerability in function encodeimagebs64...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
Onlook 安全漏洞
Onlook is a source code visual editing tool from the Onlook open source. A security vulnerability exists in Onlook version 0.2.32, which stems from the API not validating the ownership or membership of the current authenticated user for the requested item ID, potentially resulting in compromised...
MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...
CVE-2025-12790
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
CVE-2025-10691
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-56231
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections...
CVE-2025-12416
The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...
CVE-2025-12188
The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...
Simple Online Hotel Reservation System Code Issue Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System has a code issue vulnerability that stems from a lack of valid validation of uploaded files by the Photo Handler component in file /admin/editroom.php. An attacker can use th...
PT-2025-45152
Name of the Vulnerable Software and Affected Versions GOG Galaxy version 2.0.0.2 Description GOG Galaxy version 2.0.0.2 is susceptible to a missing SSL certificate validation issue. An attacker with control over the local network, DNS, or a proxy can conduct a man-in-the-middle MitM attack. This...