14 matches found

NVD (added 2026/02/04 10:16 a.m.)

CVE-2025-41085

Stored Cross-Site Scripting (XSS) vulnerability in Apidog version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...

CVSS 5.1 · EPSS 0.0009 · Exploits 0 · References 1
CVE (added 2026/02/04 9:56 a.m.)

CVE-2025-41085

Summary: CVE-2025-41085 is a stored XSS in Apidog 2.7.15 due to improper sanitization of SVG uploads. An attacker can exploit it by posting an SVG image to the endpoint exposed by the API (/api/v1/user-avatar), resulting in scripts being stored on the server and executed when a user accesses the c...

CVSS 5.1 · AI score 5.4 · EPSS 0.0009 · Exploits 0 · References 1
Positive Technologies (added 2026/02/04 12:00 a.m.)

PT-2026-5898

Name of the Vulnerable Software and Affected Versions: Apidog version 2.7.15. Description: A stored Cross-Site Scripting (XSS) issue exists in Apidog version 2.7.15 due to improper sanitization of SVG image uploads. An attacker can embed malicious scripts within SVG files by sending a POST request to...

CVSS 5.1 · AI score 5.5 · EPSS 0.0009 · Exploits 0 · References 4
CNNVD (added 2026/02/04 12:00 a.m.)

Apidog Web Platform Cross-Site Scripting Vulnerability

The Apidog Web Platform is an API calling tool provided by the Apidog company. Version 2.7.15 of the Apidog Web Platform contains a cross-site scripting vulnerability. This vulnerability stems from improper sanitization of SVG image uploads, and it may lead to stored...

CVSS 5.1 · AI score 5.6 · EPSS 0.0009 · Exploits 0 · References 1
CVE (added 2025/12/29 4:18 p.m.)

CVE-2025-53627

Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...

CVSS 5.3 · AI score 6.4 · EPSS 0.00025 · Exploits 1 · References 1 · Affected Software 1
CNNVD (added 2025/12/29 12:00 a.m.)

Meshtastic Security Vulnerability

Meshtastic is a decentralized, off-grid wireless mesh network protocol over LoRa, open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a downgrade attack path when the PKI encryption flag is absent, and could lead to an...

CVSS 5.3 · AI score 5.7 · EPSS 0.00025 · Exploits 1 · References 2
OSV (added 2024/02/29 1:43 a.m.)

CVE-2024-1411

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 7.4 · Exploits 0 · References 2
Positive Technologies (added 2024/02/20 12:00 a.m.)

PT-2024-18021 · WordPress · Powerpack Addons For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Addons for Elementor plugin for WordPress, versions up to and including 2.7.15. Description: The issue is related to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget due to insufficient input sanitization a...

CVSS 6.4 · AI score 7.9 · EPSS 0.00168 · Exploits 0 · References 6
Patchstack (added 2024/02/16 12:00 a.m.)

WordPress PowerPack Addons for Elementor Plugin <= 2.7.15 is vulnerable to Cross Site Scripting (XSS)

Software: PowerPack Addons for Elementor · Type: Plugin · Vulnerable versions: <= 2.7.15 · Fixed in: 2.7.16 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-1411 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: IdeaBox Creations · PSID: 6ccdfffb7852 · Credits: wesle...

CVSS 6.4 · AI score 5.8 · EPSS 0.00168 · Exploits 0 · References 3 · Affected Software 1
Patchstack (added 2023/07/11 12:00 a.m.)

WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)

Software: WPFunnels · Type: Plugin · Vulnerable versions: <= 2.7.15 · Fixed in: 2.7.16 · OWASP Top 10: A1: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: N/A · Patch priority: Low · CVSS severity: Low 5.4 · Developer: WPFunnels Team · PSID: fefed9db57ed · Credits: Unknown · Required privilege...

AI score 6.8 · Exploits 0 · References 2 · Affected Software 1
OSV (added 2020/08/26 3:15 a.m.)

ALPINE-CVE-2019-14904

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the bare 'ps' command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

CVSS 7.3 · AI score 7.1 · EPSS 0.00037 · Exploits 0 · References 1
RedHat Linux (added 2019/07/08 2:35 p.m.)

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

CVSS 9.1 · AI score 6.9 · EPSS 0.00918 · Exploits 1 · References 4
OSV (added 2018/09/25 12:00 a.m.)

PSF-2018-5: _elementtree C accelerator doesn't call XML_SetHashSalt()

Python's _elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial-of-service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 7.5 · AI score 8.3 · EPSS 0.01247 · Exploits 0 · References 2
OpenVAS (added 2018/08/22 12:00 a.m.)

Python 2.7.x < 2.7.15 Heap-Based Buffer Overflow Vulnerability Python Issue (bpo-31530) - Mac OS X

Python is prone to a heap-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

CVSS 3.6 · AI score 6.9 · EPSS 0.0127 · Exploits 0 · References 3