33 matches found
EUVD-2021-0210
Malware in sbrugna...
EUVD-2021-19463
Malware in sbrugna...
CVE-2025-49459 Zoom Workplace for Windows on ARM - Missing Authorization
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access...
WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin PDF for Gravity Forms + Drag And Drop Template Builder versions <= 6.5.0...
Amazon Linux 2023 : python3-tornado (ALAS2023-2025-1002)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1002 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainde...
OESA-2025-1554 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...
CVE-2022-32274
The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function...
CVE-2021-32634
Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the WorkSpaceClientEnqueue.action REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in...
CVE-2024-12651 Sensitive Data Exposure in PTT Inc.'s HGS Mobile App
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...
DNNGo xBlog security vulnerability
DNNGo xBlog is a DNN-based blogging program from DNNGo, Inc. A security vulnerability exists in DNNGo xBlog version v6.5.0: a SQL injection vulnerability was discovered via the Category parameter of /DNNGoxBlog/ResourceService.aspx...
CVE-2024-55212
DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGoxBlog/ResourceService.aspx...
CVE-2024-27298
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
CVE-2024-13252
CVE-2024-13252 concerns TacJS, a Drupal-related module. The consolidated sources confirm a vulnerability due to improper neutralization of input during web page generation, resulting in Cross‑Site Scripting (XSS). Affected versions are TacJS 0.0.0 through 6.4.9, with a confirmed remediation in Ta...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal TacJS prior to version 6.5.0, which stems from improper input neutralization during page generation, resulting in a cross-site scripting vulnerabilit...
PT-2024-12142 · Unknown · Paul Ryley Site Reviews
Name of the Vulnerable Software and Affected Versions: Paul Ryley Site Reviews versions 6.5.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 6.5.0...
WordPress plugin Conversios.io security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
LimeSurvey < 6.5.0 XSS Vulnerability
LimeSurvey is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross-site Scripting (XSS)
Overview: limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input validation and output encoding in the Alert Widget's message component. Note: This is fixed in 6.5.0+240319. Details: Cross-sit...
PT-2024-22532 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 6.5.0+240319 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code. This is due to a lack of input validation and output encoding in...
WordPress WooPayments Plugin < 6.5.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:woopayments"; if description...