CVE-2026-2080 UTT HiPER 810 formUser setSysAdm command injection
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
CVE-2026-1162 UTT HiPER 810 setSysAdm strcpy buffer overflow
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2025-60538
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...
GHSA-MW8H-G64C-RXV4 Shiori is vulnerable to authentication bypass via a brute force attack
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...
Shiori is vulnerable to authentication bypass via a brute force attack
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...
CVE-2018-1000217
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Whether this attack is exploitable depends on how the application uses the cJSON library. If application provides network...
CVE-2023-25448
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin = 1.7.4 versions...
CVE-2024-39899
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLS URL shortener without running the YOURLS instance without authentication and/or exposing the authentication toke...
EUVD-2026-1679
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...
Shiori security vulnerability
Shiori is an open-source bookmark manager. A security vulnerability exists in Shiori 1.7.4 and earlier versions, which stems from a lack of rate limiting on the login page and could allow an attacker to bypass authentication via a brute force attack...
CVE-2021-47736
CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...
CVE-2025-14278
The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidetitle' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers, wi...
EUVD-2025-203050
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
Typora operating system command injection vulnerability
Typora is an open-source editor from Typora. An operating system command injection vulnerability exists in Typora version 1.7.4, which stems from a command injection in the PDF export preferences that could lead to the execution of arbitrary system commands...
PT-2025-50897
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get server time ajax request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests t...
WordPress plugin WP Fastest Cache security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can be used to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-47276
Name of the Vulnerable Software and Affected Versions: WP Twitter Auto Publish versions prior to 1.7.4. Description: The WP Twitter Auto Publish plugin for WordPress is susceptible to Reflected Cross-Site Scripting via PostMessage. This is due to insufficient input sanitization and output escaping. ...