537 matches found
SuperAGI 路径遍历漏洞
SuperAGI is an open source infrastructure application from SuperAGI Open Source. It is used to build components, tools, frameworks and models to implement open source AGI. A path traversal vulnerability exists in SuperAGI version 0.0.14, which stems from path traversal in the file upload...
Open Panel OpenAdmin 安全漏洞
Open Panel OpenAdmin is a free Laravel-based open administration panel from Open Panel, Inc. A security vulnerability exists in Open Panel OpenAdmin version 0.3.4, which stems from cross-site request forgery and could lead to elevation of privilege...
CVE-2024-53388
A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...
WordPress plugin Guten Free Options 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...
PT-2025-7763 · Unknown · Nurelm Get Posts
Name of the Vulnerable Software and Affected Versions: nurelm Get Posts versions 0.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a Stored XSS vulnerabilit...
WordPress List Urls Plugin <= 0.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin List Urls versions = 0.2...
PT-2025-6906
Name of the Vulnerable Software and Affected Versions: GNU elfutils version 0.192 Description: A problem has been found in GNU elfutils that affects the gelf getsymshndx function of the file strip.c in the eu-strip component. This issue leads to denial of service and must be approached locally. T...
CVE-2024-57777
Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information...
CVE-2024-5827
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
WordPress plugin JustRows free 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin iBuildApp 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-57098
Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter...
PT-2025-3401 · Moss · Moss
Name of the Vulnerable Software and Affected Versions: Moss version v0.1.3 Description: The issue is related to an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. This vulnerability can be exploited by injecting malicious input int...
PYSEC-2025-58
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
WordPress plugin Responsivity 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
NLnet Routinator 安全漏洞
NLnet Routinator is an RPKI Resource Public Key Infrastructure validator from the NLnet team written in the Rust language. A security vulnerability exists in NLnet Routinator version 0.14.0 and earlier, which stems from code that initially parses a manifest without checking the contents of the...
WordPress plugin Flexible Blogtitle 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin SOCIAL.NINJA 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress plugin Simple Vertical Timeline 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin HTTP to HTTPS link changer by Eyga.net 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin HTTP to HTTPS link changer by...