17 matches found
OESA-2026-2834 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
EUVD-2026-36917
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
CVE-2026-45211
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...
PT-2026-40011
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...
JLSEC-2026-484
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...
WordPress All-in-One Video Gallery plugin <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter vulnerability
Reflected Cross-Site Scripting via 'vi' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All-in-One Video Gallery versions = 4.7.1...
CVE-2025-61145
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...
CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2025-67495
ZITADEL’s DOM-Based XSS in Zitadel V2 logout (CVE-2025-67495) affects 4.0.0-rc.1 through 4.7.0 via the /logout endpoint, where the post_logout_redirect parameter could be used to route malicious JavaScript to a user’s browser. The issue requires multiple active sessions in the same browser and is...
CVE-2025-60125
Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through = 4.7.6...
CVE-2023-45766
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1...
PT-2024-37380 · WordPress · Wp Ulike
Name of the Vulnerable Software and Affected Versions: WP ULike WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...
WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Defender Security versions = 4.7.1...
Jfinal CMS 路径遍历漏洞
Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...
CVE-2019-19748
The Work Time Calendar app before 4.7.1 for Jira allows XSS...
CVE-2018-6980
VMware vRealize Log Insight 4.7.x before 4.7.1 and 4.6.x before 4.6.2 contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which the...
Wowza Streaming Engine Directory Traversal Vulnerability
Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine versions prior...