223 matches found
CVE-2025-13853 Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datatech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13853 Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datatech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2022-27340
MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...
CVE-2025-69351 WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.4...
PT-2025-54273
Name of the Vulnerable Software and Affected Versions Simple Archive Generator versions through 5.2 Description A Cross-Site Request Forgery CSRF issue exists in Simple Archive Generator, which also allows for Stored Cross-Site Scripting XSS. The issue allows for unauthorized actions to be...
PT-2025-52223
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-68071
CVE-2025-68071 describes an Insecure Direct Object Reference (IDOR) in the WordPress plugin “Essential Real Estate” (vendor: g5theme, affected: Essential Real Estate
Remote Code Execution
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
CVE-2025-67519
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.3...
CVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
CVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...
PYSEC-2025-109
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-13814
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
EUVD-2025-199973
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...
CVE-2025-13814
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
EUVD-2025-199958
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
"FOD" App uses hard-coded cryptographic keys
Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...
CVE-2025-11446
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...
CVE-2025-52670
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2.2 Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile...