31 matches found

CNNVD
added 2026/03/20 12:0 a.m. · 3 views

UltraJSON Security Vulnerability

UltraJSON is an open-source, ultra-fast JSON encoder and decoder written in pure C and compatible with Python 3.7+. UltraJSON versions 5.11.0 and earlier contain a security vulnerability caused by a memory leak during the parsing of large integers, which could lead to a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00077
Exploits 0 · References 4

ATTACKERKB
added 2026/02/19 2:58 p.m. · 2 views

CVE-2025-71243

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...

CVSS 9.8 · AI score 6.2 · EPSS 0.85415
Exploits 5 · References 5 · Affected Software 1

Patchstack
added 2026/01/10 3:29 a.m. · 3 views

WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions <= 5.11.0...

CVSS 6.5 · AI score 5.9 · EPSS 0.00024
Exploits 0 · Affected Software 1

RedhatCVE
added 2026/01/08 3:15 a.m. · 3 views

CVE-2025-69357

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements for Elementor (thegem-elements-elementor) allows Stored XSS. This issue affects TheGem Theme Elements for Elementor: from n/a through <= 5.11.0...

CVSS 6.5 · AI score 6 · EPSS 0.00024
Exploits 0 · References 1

CNNVD
added 2026/01/06 12:0 a.m. · 3 views

WordPress plugin TheGem Theme Elements (for Elementor) Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5 · AI score 5.8 · EPSS 0.00024
Exploits 0 · References 1

CNNVD
added 2026/01/06 12:0 a.m. · 2 views

WordPress plugin TheGem Theme Elements (for WPBakery) Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5 · AI score 5.9 · EPSS 0.00024
Exploits 0 · References 1

Positive Technologies
added 2026/01/06 12:0 a.m. · 2 views

PT-2026-1485

Name of the Vulnerable Software and Affected Versions: CodexThemes TheGem Theme Elements for Elementor versions through 5.11.0 Description: TheGem Theme Elements for Elementor is susceptible to a Stored Cross-site Scripting (XSS) issue. This occurs due to improper neutralization of input during web...

CVSS 6.5 · AI score 5.9 · EPSS 0.00024
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-0156

Malware in sbrugna...

CVSS 9.8 · AI score 6.2 · EPSS 0.00558
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-11405

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.00241
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 5:30 a.m. · 2 views

CVE-2023-41331

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

CVSS 9.8 · AI score 7.6 · EPSS 0.03958
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:20 p.m. · 7 views

CVE-2021-41132

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8 · AI score 5.9 · EPSS 0.00558
Exploits 0

UbuntuCve
added 2024/06/19 8:15 p.m. · 15 views

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has bee...

CVSS 6.1 · AI score 6.8 · EPSS 0.01148
Exploits 0 · References 7

OSV
added 2024/06/19 3:7 p.m. · 2 views

GHSA-9HCV-J9PV-QMPH TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches: This vulnerability...

CVSS 6.1 · AI score 5.8 · EPSS 0.00744
Exploits 0 · References 9

NVD
added 2023/09/19 11:15 p.m. · 15 views

CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...

CVSS 6.5 · AI score 7.6 · EPSS 0.87753
Exploits 2 · References 3

Prion
added 2023/09/19 11:15 p.m. · 31 views

SQL injection

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...

CVSS 4 · AI score 7 · EPSS 0.87753
Exploits 2 · References 3 · Affected Software 1

CNNVD
added 2023/09/19 12:0 a.m. · 3 views

Nagios XI SQL Injection Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions 5.11.0 through 5.11.1, which originates from a...

CVSS 6.5 · AI score 7.9 · EPSS 0.87753
Exploits 2 · References 4

Positive Technologies
added 2023/08/04 12:0 a.m. · 2 views

PT-2023-5388 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.11.0 through 5.11.1 Description: A SQL injection issue allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to "/nagiosxi/admin/banner message-ajaxhelper.php". This...

CVSS 6.8 · AI score 6.9 · EPSS 0.87753
Exploits 2 · References 20

OSV
added 2022/08/13 12:0 a.m. · 22 views

GHSA-PW4J-R69M-RRR5 ForkCMS XSS via `end_date` parameter

A cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `end_date` parameter. This issue was patched in version 5.11.0...

CVSS 4.8 · AI score 4.8 · EPSS 0.00191
Exploits 1 · References 4

OSV
added 2022/08/13 12:0 a.m. · 18 views

GHSA-Q4QV-3X58-RXMH ForkCMS XSS via `publish_on_time` parameter

A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_time` parameter. This issue was patched in version 5.11.0...

CVSS 4.8 · AI score 4.8 · EPSS 0.00191
Exploits 1 · References 4

GitHub Security Blog
added 2022/08/13 12:0 a.m. · 16 views

ForkCMS stored XSS via `start_date` parameter

A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `start_date` parameter. This issue was patched in version 5.11.0...

CVSS 4.8 · AI score 4.9 · EPSS 0.0023
Exploits 1 · References 4 · Affected Software 1