CVE-2026-29598
CVE-2026-29598 affects DDSN Interactive Acora CMS v10.7.1, with multiple stored XSS vulnerabilities in the submit_add_user.asp endpoint. The First Name and Last Name fields are injectable, allowing an attacker to have scripts/HTML executed in the context of the victim’s browser. The CVE entry spe...
CVE-2026-29597
CVE-2026-29597 affects DDSN Interactive Acora CMS v10.7.1. An editor-privileged user can force-browse and manipulate the file parameter of /Admin/file_manager/file_details.asp to access sensitive configuration files (e.g., cm3.xml), leaking credentials (system administrator, SMTP, database) and o...
CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific...
CVE-2026-2414
Authorization bypass through User-Controlled Key vulnerability in HYPR Server allows Privilege Escalation. This issue affects Server: from 9.5.2 before 10.7.2...
CVE-2026-2414
CVE-2026-2414 describes an authorization bypass vulnerability in HYPR Server via a user-controlled key, enabling privilege escalation. Affected versions are HYPR Server 9.5.2 prior to 10.7.2; remediation is to upgrade to 10.7.2 or later. The issue’s concrete impact and exploit specifics are not p...
File Inclusion node-tar Dependency in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...
EUVD-2026-1916
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
CVE-2025-64198
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons (easy-social-share-buttons3) allows Reflected XSS. This issue affects Easy Social Share Buttons: from n/a through 10.7.1...
CVE-2025-64198
CVE-2025-64198 affects the WordPress plugin Easy Social Share Buttons (easy-social-share-buttons3). Affected versions are before 10.7.1. The vulnerability is described as cross-site scripting (XSS); the CVE entry notes Reflected XSS, while Red Hat/Wordfence records underscore an XSS issue in vers...
CVE-2025-64198 WordPress Easy Social Share Buttons plugin < 10.7.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons (easy-social-share-buttons3) allows Reflected XSS. This issue affects Easy Social Share Buttons: from n/a through 10.7.1...
WordPress plugin Easy Social Share Buttons security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blogging sites on PHP- and MySQL-based servers. A WordPress plugin is an application plugin... A security...
PT-2025-45334
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons (easy-social-share-buttons3) allows Reflected XSS. This issue affects Easy Social Share Buttons: from n/a through 10.7.1...
EUVD-2022-40800
Malicious code in bioql PyPI...
CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
PT-2023-20336 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.7.1 through 10.9.1 Description: The issue allows a remote, unauthenticated attacker to create a crafted link that, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser...
CVE-2022-38204
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...
Esri Portal For ArcGIS cross-site scripting vulnerability
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS versions 10.8.1...
GitLab <= 10.5.7, 10.6.x - 10.6.4, 10.7.x - 10.7.1 XSS Vulnerability
GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:gitlab:gitlab"; if...
Jellyfin arbitrary file read vulnerability (CVE-2021-21402)
GHSL-2021-050: Unauthenticated arbitrary file read in Jellyfin - CVE-2021-21402. Jaroslav Lobacevski. Coordinated Disclosure Timeline - 2021-03-19: Issue reported to maintainers. - 2021-03-22: Version 10.7.1 with fixes was released. Summary: Jellyfin allows unauthenticated arbitrary file read. Produ...