8 matches found
CVE-2026-34077
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
phpPgAdmin contains a remote command execution vulnerability
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
PT-2025-51405
Name of the Vulnerable Software and Affected Versions Avada versions through 7.13.1 Description A missing authorization flaw exists in ThemeFusion Avada. This issue allows access to functionality that is not properly restricted by Access Control Lists ACLs. Recommendations Update Avada to a versi...
GHSA-H369-CPJJ-QFFF phppgadmin vulnerable to Cross-site Scripting
phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...
CVE-2025-64484
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...
WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware
Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to…...
SuiteCRM 跨站脚本漏洞
SuiteCRM is a free open source customer relationship management application. A stored cross-site scripting vulnerability exists in the Document Preview feature of SuiteCRM 7.11.13. A remote authenticated attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Unspecified Vulnerability in Schneider Electric Pelco Digital Sentry Video Management System
Schneider Electric Pelco Digital Sentry Video Management System is a video recording system from Schneider Electric France. A security vulnerability exists in the Schneider Electric Pelco Digital Sentry Video Management System using firmware prior to version 7.13, which stems from the program's u...