22 matches found
EUVD-2026-36935
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-4335 ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment posttitle in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
CVE-2021-2476
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Authentication. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation...
Eclipse ThreadX NetX Duo 安全漏洞
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.3, which stems from an unclosed file and could lead to a denial of service...
GHSA-HH3M-G4QJ-4835 Spring Security Vulnerable to Authorization Bypass via Security Annotations
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...
PT-2025-2914 · Unknown · Fancy Product Designer
Name of the Vulnerable Software and Affected Versions: Fancy Product Designer versions n/a through 6.4.3 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as a SQL Injection vulnerability. This vulnerability can allow an attacke...
CVE-2024-32770
A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...
PT-2024-24839 · Synology · Photo Station
Name of the Vulnerable Software and Affected Versions: Photo Station versions prior to 6.4.3 Description: A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject maliciou...
QNAP Systems Photo Station 跨站脚本漏洞
QNAP Systems Photo Station is an online photo album from QNAP Systems, Inc. It is used to organize multimedia content photos and videos on Qnap Nas. A cross-site scripting vulnerability exists in QNAP Systems Photo Station prior to version 6.4.3, which stems from the inclusion of a cross-site...
PT-2024-24838 · Synology · Photo Station
Name of the Vulnerable Software and Affected Versions: Photo Station versions prior to 6.4.3 Description: A cross-site scripting XSS vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. Recommendations:...
WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.3...
CVE-2024-24997
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-24999
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a competitive conditio...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a null pointer...
UBUNTU-CVE-2023-5692
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirectguess404permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publiclyqueryable' post status has been set to 'false'...
CVE-2021-35616
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation...
CVE-2021-2476
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Authentication. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation...