13 matches found
EUVD-2026-28807
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2025-12560
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...
CVE-2025-10006
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
GHSA-H7RH-XFPJ-HPCM MinIO Java Client XML Tag Value Substitution Vulnerability
Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...
CVE-2024-53554
A Client-Side Template Injection CSTI vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details...
CVE-2025-31852 WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...
PT-2025-2959 · Easyvirt · Easyvirt Dcscope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers with low privileges to perform various unauthorized actions. This includes adding an admin...
Curl 安全漏洞
Curl is a tool for transferring data from or to a server. A security vulnerability exists in Curl versions 8.6.0 through 8.6.0 that stems from the fact that libcurl skips certificate validation for QUIC connections under certain conditions when using WolfSSL...
SUSE-FU-2022:0868-1 Feature update for tcl and tk
This feature update for tcl and tk fixes the following issues: Update tcl and tk to version 8.6.12 jscSLE-21016, jscSLE-23284: - Move tcl.macros to /usr/lib/rpm/macros.d bsc1185662 - Use FAT LTO objects in order to provide proper static library bsc1138797 - Fix a bug in itcl that was affecting...
Unspecified Vulnerability in Oracle Knowledge (CNVD-2020-26992)
Oracle Knowledge is a complete knowledge management solution that provides personalized and seamless cross-channel service and support. A security vulnerability exists in the InQuira Search component in Oracle Knowledge 8.6.0-8.6.3. An attacker could exploit the vulnerability to cause a denial of...
PT-2019-16903 · Ibm · Ibm Websphere Extreme Scale
Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system, potentially leading to information disclosure. Recommendations: For IBM WebSphere...
IBM Business Process Manager Cross-Site Request Forgery Vulnerability
IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site request forgery vulnerability exists in...
Multiple Cross-Site Request Forgery Vulnerabilities in Cisco Unified MeetingPlace Server
Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. Multiple cross-site request forgery vulnerabilities exist in the API functionality in Cisco Unified MeetingPlace version 8.6 1.9, which can be exploited by a remote attacker...