galaxy-fds-sdk-android 安全漏洞

Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...

PT-2026-1778

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A flaw exists in Sangfor Operation and Maintenance Management System. Manipulation of the sessionPath argument within the WriterHandle.getCmd function, locate...

Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞

Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation of the...

CVE-2025-59001

Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through = 3.0.8...

EUVD-2025-203615

Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through = 3.0.8...

CVE-2024-10519

The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

WordPress Collapsing Categories plugin <= 3.0.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Collapsing Categories versions = 3.0.8...

WordPress plugin The Ultimate WordPress Toolkit – WP Extended 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin The Ultimate WordPress Toolkit - WP...

WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.0.8 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Ultimate Blocks versions = 3.1.0...

PT-2023-25889 · Galaxy Software Services · Galaxy Software Services Vitals Esp

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0 Description: The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid token...

WordPress Plugin MasterStudy LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Cross-Site Scripting in glance

Versions of glance before 3.0.8 are vulnerable to Stored Cross-Site Scripting XSS. This is only exploitable if the attacker is able to control the name of a file that is served by the glance package...