363 matches found
CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion
Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...
CVE-2025-57929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...
CVE-2025-57929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS.This issue affects Double the Donation: from n/a through = 2.0.0...
CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through = 2.0.6...
PT-2025-38800
Name of the Vulnerable Software and Affected Versions Glen Scott Plugin Security Scanner versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...
PT-2025-38510
Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...
CVE-2025-59436
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...
AVTECH EagleEyes 安全漏洞
AVTECH EagleEyes is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes version 2.0.0, which originates from setting ALLOWALLHOSTNAMEVERIFIER to bypass domain name authentication, which could lead to a...
CVE-2025-8691
The WP Scriptcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-57151
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting XSS in admin/userprofile.php via the fullname parameter...
CVE-2025-57814
request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...
PT-2025-34300 · Unknown · Millenium Mp3 Studio
Name of the Vulnerable Software and Affected Versions: Millenium MP3 Studio versions through 2.0 Description: Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application does not properly validate the leng...
PT-2025-33443 · Unknown · Phpgurukul Online Shopping Portal Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal Project version 2.0 Description: A SQL injection issue exists in the file /shopping/signup.php due to the manipulation of the emailid argument. This allows for remote attacks, and the exploit has been publicl...
CVE-2025-54679 WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through = 2.0...
CVE-2025-54679
CVE-2025-54679 relates to the Neon Channel Product Customizer Free WordPress plugin (versions
PT-2025-32622 · WordPress · Simple Responsive Slider
Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0 Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
Huawei EulerOS: Security Advisory for iputils (EulerOS-SA-2025-1930)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microweber CMS 安全漏洞
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
299Ko 代码问题漏洞
299Ko is a simple, fast and lightweight content management system from 299Ko open source. A code issue vulnerability exists in version 2.0.0 of 299Ko, which stems from the existence of unlimited uploads in the file management component in file/admin/filemanager/view...
xsser
XSSER ========== Presentation From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Version 2.75 - 2017: Non...