92 matches found
BIT-PHPMYADMIN-2025-24529
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...
CVE-2025-31344
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...
ALPINE-CVE-2025-31344
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...
SUSE CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
Asymmetric Resource Consumption (Amplification)
Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
WordPress plugin WP Activity Log 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
GHSA-222V-CX2C-Q2F5 phpMyAdmin XSS when checking tables
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...
CVE-2025-24529
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...
CVE-2025-24530
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...
UBUNTU-CVE-2025-24529
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab...
CVE-2025-24530
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...
PT-2024-17356 · WordPress · 워드프레스 결제 심플페이 – 우커머스 결제 플러그인
Name of the Vulnerable Software and Affected Versions: 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress versions up to, and including, 5.2.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...
PT-2024-27369 · Woocommerce · Woocommerce Customers Order History
Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Order History versions through 5.2.2 Description: The issue is related to a Missing Authorization vulnerability in WooCommerce Customers Order History, allowing exploitation of incorrectly configured access control...
CVE-2024-35651
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...
Xiamen Four-Faith RMP Router Management Platform SQL注入漏洞
Xiamen Four-Faith RMP Router Management Platform is an online chat system from Xiamen Four-Faith, China. A SQL injection vulnerability exists in Xiamen Four-Faith RMP Router Management Platform version 5.2.2, which stems from an incorrect operation of the parameter groupId that can lead to sql...
GHSA-622H-H2P8-743X JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....
WordPress Forms to Sendinblue Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Forms to Sendinblue Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 455e2c223c64 Credits Rafie Muhammad Patchstack...
PT-2022-25553 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.1 Description: The issue concerns Incorrect Access Control in Zammad's asset handling mechanism. This mechanism is designed to prevent customer users from accessing personal information of other users. However, the logic wa...
Parse Server 信任管理问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A trust management issue vulnerability exists in versions of Parse Server prior to 5.2.2 that stems from an unvalidated certificate in the Apple Game Center authentication adapter, which can be...