CVE-2026-44314
Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...
CVE-2026-27693 traccar allows XML injection in KML and GPX exports
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
EUVD-2026-27307
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
Statamic security vulnerability
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.20 and 6.13.0, which stemmed from insufficient...
BIT-LIMESURVEY-2025-41074 Multiple vulnerabilities in Limesurvey
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS) attack by exhausting server or client resources. The system is unable to break the redirect loop, which ca...
CVE-2025-41074
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS) attack by exhausting server or client resources. The system is unable to break the redirect loop, which ca...
CVE-2025-41075 Multiple vulnerabilities in Limesurvey
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denial of Service (DoS) attack by exhausting server or client resources. The system is unable to break the redirect loop, which can...
LimeSurvey security vulnerability
LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team that supports survey program development, survey posting, and data collection. A security vulnerability exists in LimeSurvey version 6.13.0, which stems from mishandling of errors and could lead to...
WordPress Plugin WPBakery Page Builder cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-23235 · WordPress · Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: WPBakery Page Builder plugin versions prior to 6.13.0. Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, affecting users with contributor or higher permissions. This issue allows for malicious script execution...
WordPress WPBakery Page Builder Plugin < 6.13.0 is vulnerable to Cross Site Scripting (XSS)
Software: WPBakery Page Builder; Type: Plugin; Vulnerable versions: 6.13.0; Fixed in: 6.13.0; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-31213; Patch priority: Low; CVSS severity: Low 6.5; Developer: WPBakery; PSID: bf3507e23c25; Credits: Rafie Muhammad Patchstac...
CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and/or blogs, or to create a new space or a personal space, or who has 'Admin' permissions for a space, can exploit this pat...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A template parameter can be used to inject remote Java code into a Velocity template and gain code execution. Authentication is not...
Security fix for the ALT Linux 10 package node version 6.13.0-alt1
Feb. 27, 2018 Alexey Shabalin 6.13.0-alt1 - new version 6.13.0 - 2018-02-13, Version 6.13.0 'Boron' LTS - fixed CVE-2017-15896, CVE-2017-3738...
Design/Logic Flaw
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use...