23 matches found
CVE-2026-12780
AOMEI Backupper Kernel Driver amwrtdrv.sys (library within the Kernel Driver) up to version 8.3.0 is affected. The vulnerability enables local privilege escalation via improper access control in amwrtdrv.sys. Exploitation is local and reportedly has public disclosure; no exploit vector details ar...
CVE-2025-31413
Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...
VulnCheck KEV: CVE-2025-6389
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeitarticlespaginationcallback function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for...
Snipe-IT 安全漏洞
Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT version v8.3.4, which stems from the presence of reflective cross-site scripting in the CSV import workflow, which could lead to the execution of arbitrary...
CVE-2025-13196
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-63601
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands...
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
CVE-2024-53384
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
Shenzhen Guoxin Synthesis Image System Security Vulnerability
Shenzhen Guoxin Synthesis image system is an image system from Shenzhen Guoxin Synthesis, a company based in Shenzhen, China. A security vulnerability exists in Shenzhen Guoxin Synthesis Image System versions prior to 8.3.0 that originates from allowing unauthorized user information to be retriev...
PT-2024-21028 · Unknown · Livemesh Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Livemesh Addons for Elementor versions n/a through 8.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...
CVE-2023-29276
Adobe Substance 3D Painter versions 8.3.0 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Adobe Substance 3D Painter 缓冲区错误漏洞
Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
CVE-2022-32442
u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...
UBUNTU-CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...
zzcms SQL Injection Vulnerability (CNVD-2019-13260)
ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...
zzcms SQL Injection Vulnerability (CNVD-2018-26013)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the ajax/zs.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of pxzs cookie...
SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19952)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in ZZCMS 8.3 sp***.php file
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the sp.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
zzcms SQL Injection Vulnerability (CNVD-2018-19742)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the /user/check.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to execute SQL commands with the help of Client-Ip HTTP packet header...
Denial of Service Vulnerability in RSA Authentication Manager
Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the security...