50 matches found
XWiki Platform SQL Injection Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. XWiki Platform suffers from a SQL injection vulnerability that originates from a remote unauthenticated user who can escape the HQL execution context and perform blind SQL injection, which...
CVE-2025-26998
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8...
PT-2025-1429 · Magma · Magma
Name of the Vulnerable Software and Affected Versions: Magma versions 1.8.0 and earlier. Description: A null pointer dereference issue in the Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME via an S1AP "S1Setup Request" packet that is missing an expected Supported T...
PT-2024-35927 · WordPress · Wp Geonames
Name of the Vulnerable Software and Affected Versions: WP GeoNames versions 1.8 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For WP GeoNames version...
WordPress ForumEngine theme <= 1.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by rajanhoyr in WordPress Theme ForumEngine versions <= 1.8...
WordPress plugin Parallax Image Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-30921 · Opor Ayam · Opor Ayam
Name of the Vulnerable Software and Affected Versions: Opor Ayam versions 1.8 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This vulnerability allows Reflected XSS, which can be exploited by...
WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin SKT Addons for Elementor versions <= 1.8...
SUSE CVE-2013-4931
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector...
SUSE CVE-2018-17197
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika...
CVE-2021-37393
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on the page. An attacker can use the "update password" function to inject XSS payloads into the nickname variable and achieve stored XSS. Users who view the articles published by the injected user will trigger the...
CloudBees Jenkins buildgraph-view Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. A cross-site scripting vulnerability exists in CloudBees Jenkins buildgraph-view Plugin 1.8 and earlier versions. The vulnerability stems from a WEB application t...
PT-2019-7495 · Pippin Williamson · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4; Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10; Easy Digital...
PT-2019-7485 · Edd · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4; Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10; Easy Digital...
PT-2019-7464 · Sandhills Development · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) core component versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) core component versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) core component versions 2.0.x through 2.0.4; Easy Digital Downloads EDD co...
GNU Libextractor Denial of Service Vulnerability (CNVD-2019-03528)
GNU Libextractor is a set of libraries developed by the GNU Project for extracting metadata from files. A null pointer dereference vulnerability exists in the 'processmetadata' function in the plugins/ole2extractor.c file in GNU Libextractor 1.8 and earlier. An attacker could exploit this...
CoreOS Tectonic Information Disclosure Vulnerability
CoreOS Tectonic is an automated enterprise Kubernetes platform. The platform automates operational tasks, enabling platform portability and multi-cluster management. An information disclosure vulnerability exists in CoreOS Tectonic version 1.7.x before 1.7.9-tectonic.4 and version 1.8.x before...
CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
UBUNTU-CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933)
The netmonopen function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file...