13 matches found
EUVD-2026-28312
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
PT-2025-48234
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2025-28026
Malicious code in bioql PyPI...
WordPress plugin Tournamatch security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Pixel & tonic Craft CMS Injection Vulnerability
Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic Inc. in the United States. An injection vulnerability exists in Craft CMS version 4.6.1, which stems from the system's use of an unselected volume of the asset element type to save feeds, and can be exploited by a remot...
WordPress plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17166 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunrui CMS version 4.61 Description: A vulnerability was found in Xunrui CMS, affecting some unknown functionality of the file /dayrui/Fcms/View/system log.html. This issue leads to information disclosure and can be exploited remotely...
SUSE CVE-2018-13347
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
PYSEC-2021-104
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...
Cisco IoT Field Network Director Cross-Site Scripting Vulnerability
Cisco IoT Field Network Director FND is a network management system for large-scale FAN deployments. A cross-site scripting vulnerability exists in the web UI of Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient validation of user-supplied input...
Cisco IoT Field Network Director 路径遍历漏洞
Cisco IoT Field Network Director FND is a network management system for large-scale FAN deployments. A file overwrite vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from inadequate file system protection. An attacker can exploit the...
CVE-2019-8236
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user...
CVE-2019-7957
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service...