handlebars 安全漏洞

Handlebars is a semantic web template system. Versions of Handlebars 4.7.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the resolvePartial function, which does not prevent prototype chain traversal. This can lead to prototype pollution, thereby enabling...

handlebars 安全漏洞

Handlebars is a semantic web template system. Versions of Handlebars 4.7.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the improper handling of the value field in NumberLiteral AST nodes by the Handlebars.compile function. This could allow attackers to inject and...

Handlebars.js 安全漏洞

Handlebars.js is an open-source JavaScript templating engine developed by The Handlebars Templating Language project. Versions of Handlebars.js 4.7.8 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of user-controlled strings by the Handlebars...

CVE-2026-25325

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

PT-2026-20695

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

EUVD-2025-201970

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through = 4.7.8...

EUVD-2025-25361

Malicious code in bioql PyPI...

EUVD-2023-49315

Malicious code in bioql PyPI...

CVE-2025-53201

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...

CVE-2025-53201

CVE-2025-53201 refers to a Reflected XSS in NooTheme Jobmonster (WordPress theme) up to version 4.7.8. The vulnerability arises from improper input neutralization during web page generation, enabling cross-site scripting when an unauthenticated actor injects malicious input. Public sources in con...

CVE-2025-53201 WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.7.8...

CVE-2025-53201 WordPress Jobmonster <= 4.7.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster allows Reflected XSS. This issue affects Jobmonster: from n/a through 4.7.8...

WordPress plugin Jobmonster 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-48741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8...

CVE-2020-35572

Adminer through 4.7.8 allows XSS via the history parameter to the default URI...

CVE-2024-9599

CVE-2024-9599 affects the WordPress Popup Box plugin prior to version 4.7.8. The vulnerability stems from not sanitising/escaping certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., in multisite). CVSSv3.1 base score 5.4 (Med...

WordPress Molongui Plugin <= 4.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software Molongui Type Plugin Vulnerable versions = 4.7.7 Fixed in 4.7.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-30507 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID c7f745bc9de4 Credits CatFather Required...

CVE-2023-52048

RuoYi v4.7.8 was discovered to contain a cross-site scripting XSS vulnerability via the component /system/notice/...

PT-2024-14377 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi version 4.7.8 Description: A cross-site scripting XSS issue was found in the /system/notice/ component. This could potentially allow attackers to execute malicious scripts on the affected system. Recommendations: For RuoYi version 4.7.8...