114 matches found
Sobey Media Convergence System 路径遍历漏洞
The Sobey Media Convergence System is a media convergence system from the Chinese company Sobey. A path traversal vulnerability exists in Sobey Media Convergence System versions 2.0 and 2.1, which can be caused by incorrect manipulation of the File parameter in the file...
EUVD-2025-201375
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...
CVE-2025-13386
The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...
CVE-2025-13058 soerennb eXtplorer Filename cross site scripting
A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as...
CVE-2025-60207 WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through = 2.1.2...
Mercku M6a 安全特征问题漏洞
Mercku M6a is a WiFi router from Mercku USA. A security feature issue vulnerability exists in Mercku M6a version 2.1.0 and earlier, which stems from the authentication system's use of predictable session tokens based on timestamps, which could lead to authentication bypass...
PT-2025-41363
Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions up to and including 2.1.3 Description The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting...
CVE-2025-61096
PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter...
IBM Planning Analytics Local 安全漏洞
IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...
CVE-2025-59826
Flag Forge CT F platform (CVE-2025-59826) is affected in version 2.1.0 where non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. The issue is mitigated by upgrading to version 2.2.0. Connected sources consistently describe the vuln...
CVE-2025-59348 Dragonfly incorrectly handles a task structure’s usedTraffic field
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the AddTraffic method call, instead of the...
CVE-2025-9057
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...
openjdk: Improve scripting supports (Oracle CPU 2025-07)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...
Drupal Commerce Eurobank (Redirect) 安全漏洞
Drupal Commerce Eurobank Redirect is a redirect banking tool for the Drupal community. A security vulnerability exists in Drupal Commerce Eurobank Redirect versions prior to 2.1.1, which stems from improper authorization and could lead to feature abuse...
CVE-2025-25044
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM Planning Analytics Local 路径遍历漏洞
IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A path traversal vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from improperly restricted pathnames and could result in the deletion of files...
CVE-2024-30520
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1...
WordPress plugin Melapress File Monitor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
ftcms 代码注入漏洞
ftcms is a content management system from ftcms Inc. A code injection vulnerability exists in version 2.1 of ftcms, which stems from an incorrect manipulation of the parameter title that could lead to a cross-site scripting attack...