CVE-2025-49939

CVE-2025-49939 concerns the WordPress plugin JetElements For Elementor (component: jet-elements ) with versions up to and including 2.7.8. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The impact, as stated, i...

WordPress plugin JetElements For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

PT-2024-8682 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8 Description: A vulnerability has been found in the Message Handler component of Scada-LTS, related to the file /Scada-LTS/app.shtm/alarms/Scada. The manipulation leads to cross-site scripting. The attack can be launche...

PT-2023-20614 · WordPress · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms WordPress plugin versions prior to 2.7.8 Description: The issue is related to an unauthenticated insecure deserialization problem. An attacker could exploit this to call files using a PHAR wrapper, which deserializes data and calls...

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

CVE-2021-29202

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4; HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 iLO 5 for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...