23 matches found
CVE-2026-9243
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils
Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...
CVE-2026-6629
The CVE concerns Metasoft MetaCRM (up to v6.4.0) in the Interface component, specifically the file sql.jsp and its Statement.executeUpdate function. The vulnerability is a SQL injection caused by manipulation of the sql argument, enabling remote exploitation. Public exploit disclosure is noted, a...
CVE-2026-21743
The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...
[BSA-126] Security Update for incus
Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2025-64507 It was discovered that Incus, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed access to Inc...
CVE-2025-11498 CSV Formula Injection Vulnerability
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager SDM of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...
CVE-2023-47825
Cross-Site Request Forgery CSRF vulnerability in TienCOP WP EXtra plugin = 6.4 versions...
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2022-24747
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...
SUSE SLES15 Security Update : kernel RT (Live Patch 3 for SLE 15 SP6) (SUSE-SU-2025:01603-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01603-1 advisory. This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: - CVE-2024-53042: ipv4:...
CVE-2025-28094
shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places...
CVE-2025-28092
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF via image upload function...
PT-2025-7700
Name of the Vulnerable Software and Affected Versions vTiger CRM version 6.4.0 Description A problematic issue has been identified, affecting the /modules/Mobile/index.php file. The manipulation of the operation argument leads to cross-site scripting. This issue can be exploited remotely...
CVE-2022-24872
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...
WordPress Spam protection, Anti-Spam, FireWall by CleanTalk plugin <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing vulnerability
Authorization Bypass via Reverse DNS Spoofing vulnerability discovered by mikemyers in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions = 6.43.2...
CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
ncurses 缓冲区错误漏洞
ncurses is a character terminal processing library that provides a set of functions for users to call and generate text-based user interfaces. A security vulnerability exists in versions prior to ncurses 6.4 20230408. An attacker could exploit this vulnerability to cause memory corruption...
Group Office CRM Cross-Site Scripting Vulnerability (CNVD-2021-29739)
Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A cross-site scripting vulnerability exists in the Contacts page in Group Office CRM version 6.4.196. An attacker can exploit this...
SSH.COM SSH Tectia Client and Server 安全漏洞
SSH.COM SSH Tectia Client and Server is an application from Finland SSH.COM. It is used for secure file transfer and remote access. A security vulnerability exists in SSH Tectia Client and Server before 6.4.19 that allows escalation of local privileges under non-standard conditions...
CVE-2019-4541
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814...