188 matches found
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...
PT-2025-46859
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.3.1 Description MaxKB, an open-source AI assistant for enterprise, allows a user to access internal network services, such as databases, through Python code within the tool module. This process operates within a sandb...
CVE-2025-60202 WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...
PT-2025-45275
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...
LinkAce 跨站脚本漏洞
LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...
EUVD-2025-36009
Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through = 2.3.2...
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting XSS. An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...
Oct8ne Chatbot 跨站脚本漏洞
Oct8ne Chatbot is a chatbot from Oct8ne. A cross-site scripting vulnerability exists in Oct8ne Chatbot version v2.3, which stems from stored cross-site scripting and could lead to an attacker executing JavaScript code in the victim's browser...
CVE-2025-11380
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everestprocessstatus' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for...
CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access
Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
EUVD-2025-31126
Malicious code in bioql PyPI...
PT-2025-40061
Name of the Vulnerable Software and Affected Versions ZoloBlocks plugin for WordPress versions prior to 2.3.10 Description The software is susceptible to Stored Cross-Site Scripting XSS through multiple Gutenberg blocks. This is a result of inadequate input sanitization and output escaping of...
CVE-2025-58678
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through = 2.3.15...
PT-2025-38815
Name of the Vulnerable Software and Affected Versions WP CodeUs WP Proposals versions prior to 2.3 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...
WordPress Optio Dentistry plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Optio Dentistry versions = 2.2...
CVE-2012-10041
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...
CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...
Quantum DXi6702 安全漏洞
Quantum DXi6702 is a disk backup and deduplication appliance from Quantum Corporation, USA. A security vulnerability exists in the Quantum DXi6702 version 2.3.0.3, which stems from an XML external entity injection issue that could lead to information disclosure...
Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.23 CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898 Patch Instructions: To install th...