14 matches found
CVE-2025-47784
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
CVE-2025-47786
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
CVE-2025-47784
Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
emlog code issue vulnerability
emlog is an open source CMS website builder based on PHP and MySQL. A code issue vulnerability exists in emlog 2.5.13 and earlier versions, which stems from a deserialization vulnerability that could lead to a deserialization failure...
PT-2025-21366 · Emlog · Emlog
Name of the Vulnerable Software and Affected Versions: Emlog version 2.5.13 Description: Emlog is an open source website building system with a stored cross-site scripting issue. This allows any registered user to construct malicious JavaScript, inducing all website users to click. The...
PT-2024-28143 · Woocommerce · Wallet System For Woocommerce
Name of the Vulnerable Software and Affected Versions: Wallet System for WooCommerce versions 2.5.13 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that...
PT-2023-24908 · Ruijie · Ruijie Rg-Bcr860
Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR860 version 2.5.13 Description: A critical issue affects the Network Diagnostic Page component, leading to OS command injection through unknown processing. This can be exploited remotely. Recommendations: For Ruijie RG-BCR860...
SUSE CVE-2021-36784
An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
Design/Logic Flaw
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.13-alt0.M80P.1
2.5.13-alt0.M80P.1 built Sept. 5, 2019 Sergey Y. Afonin in task 236049 Aug. 14, 2019 Sergey Y. Afonin - 2.5.13 CVE-2019-11356 - built with USESETPROCTITLE some solutions of the issue 2850 was used, look to cyrus-imapd-2.5.13-setproctitle.c.patch - fixed packaging the imtest utility...
Apache Struts Security Update (S2-052) - Active Check
Apache Struts is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
Postfix SMTP server is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...