18 matches found
WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.3...
PT-2026-49301
Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...
CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...
CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion
The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfuresetoptions function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...
EUVD-2025-31279
Malicious code in bioql PyPI...
DEBIAN-CVE-2024-13978
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2preadtiffinit of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally...
CVE-2024-41739
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion...
WordPress plugin FlickRocket 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin FlickRocke...
WordPress SP Project & Document Manager plugin <= 4.71 - Data Update and File Download via IDOR vulnerability
Data Update and File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions = 4.71...
多款Dell产品 安全漏洞
Dell Command Update and Dell Update and Alienware Update are both products of Dell, Inc.Dell Command Update is a tool used to automatically update drivers, BIOS, and firmware in Dell products.Dell Update and Alienware Update is an update application. A security vulnerability exists in Dell...
TrueConf Server 跨站脚本漏洞
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary HTML and script code in the user's browser...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Openfire is a cross-platform real-time collaboration server based on the XMPP Jabber protocol. A cross-site scripting vulnerability exists in the administration console in Ignite Realtime Openfire server versions prior to 4.1.7. An attacker can execute arbitrary JavaScript code on the victim clie...
Heaven Soft CMS 4.7 SQL Injection
x Tybe: SQL Injection Vulnerabilities x Vendor: http://www.newyorkindoorcricket.com/ x Script Name: Heaven Soft, CMS Version: 4.7 x author: PrinceofHacking x Team: Ashiyane Digital Security Team x Mail : PrincedotH4ck@gmaildotcom D0rk:"photogalleryshow.php?id" Exploit:...
2021-08 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for ARM64 (KB5004870)
2021-08 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for ARM64 KB5004870...