7 matches found
CVE-2026-52203
Technical details about CVE-2026-52203 are not publicly available in the provided documents; no information on affected components, root cause, or remediation is included. Monitor for updates.
CVE-2026-1165
CVE-2026-1165 affects Popup Box for WordPress up to version 6.1.1. The vulnerability is a Cross-Site Request Forgery due to a flawed nonce implementation in publish_unpublish_popupbox that validates a self-created nonce instead of the request nonce, enabling unauthenticated attackers to change po...
EUVD-2025-206236
vega-functions vulnerable to Cross-site Scripting via setdata function...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
PT-2025-46987
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A flaw exists in the Application Server of Desktop Alert PingAlert that can lead to the disclosure of technical information via stack traces. Recommendations Update to a...
DTEX DEC-M 安全漏洞
DTEX DEC-M is a unified internal risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...
Unspecified Vulnerability in Oracle Payment Interface Component
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle. The solution provides human resource cost management, provides tracking and management of services throughout the customer's journey to improve customer...