21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...
CVE-2026-25896
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...
PT-2026-21139
Name of the Vulnerable Software and Affected Versions: VeronaLabs Slimstat Analytics versions through 5.3.2 Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting (XSS). This allows attackers t...
CVE-2025-13431
The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
WordPress plugin Order Splitter for WooCommerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin PDF for WPForms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
CVE-2024-13794
The WP Ghost Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to...
CVE-2024-37117
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS. This issue affects Uncanny Automator Pro: from n/a through 5.3...
WordPress Uncanny Automator Pro plugin <= 5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Uncanny Automator Pro versions <= 5.3...
PT-2024-22930 · Metagauss · Registrationmagic
Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions 5.3.0.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application...
Astropy Security Breach
Astropy is a Python astronomy project designed to promote interoperability between Python astronomy packages. A security vulnerability exists in Astropy version 5.3.2, which stems from an improper input validation issue in the function TranformGraph.todotgraph, leading to a remote code execution...
Unisys Stealth Security Vulnerability
Unisys Stealth is a zero-trust security software from Unisys, Inc. A security vulnerability exists in Unisys Stealth version 5.3.062.0 that originates from allowing an attacker to view sensitive information via the Enterprise ManagementInstallermsi.log file...
Alarm Clock Security Vulnerability
Alarm Clock is an app from the Smart Alarm Clock Team team. It is used to set the hours and minutes of an online alarm clock. A security vulnerability exists in Alarm Clock for Heavy Sleepers version v.5.3.2, which originates from allowing unauthorized applications to cause a denial of service vi...
SUSE CVE-2010-1864
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information memory contents by causing a userspace interruption of an internal function, related to the call time pass by reference feature...
Adobe Creative Cloud Desktop Application Code Issue Vulnerability
Adobe Creative Cloud Desktop Application is the management software for various Creative Cloud applications and services. A command injection vulnerability exists in Adobe Creative Cloud Desktop Application 5.3 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary...
CVE-2019-1777
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...
SUSE-SU-2017:2315-1 Security update for libreoffice
LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer: - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc: - New...
Evolution Script CMS Cross-Site Scripting Vulnerability
Evolution Script is managed by a team of professionals specializing in pay-per-click software development. A cross-site scripting vulnerability exists in the "status" parameter of the "Ticket Support" module of Evolution Script CMS version 5.3, which can be exploited by remote attackers to inject...
CVE-2017-6878
Cross-site scripting XSS vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...