30 matches found
CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.7 and prior 10.5.x, 9.11.16 and prior 9.11.x. The vulnerability stems from a failure to negotiate a new token when accepting an invitation,...
SUSE CVE-2024-54682
Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
PT-2024-19934 · Hcl · Hcl Bigfix Compliance
Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance versions 9.x through 11.x Description: Database scanning using a username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant securit...
Google Android 资源管理错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android versions 9, 10, and 11, which can be exploited by an attacker to cause a...
Google Android 资源管理错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 9, 10, and 11. An attacker can exploit the vulnerability to cause a local...
HCL iNotes Cross-Site Scripting Vulnerability
HCL iNotes is a browsing client for accessing HCLDomino mail, contacts, calendar, scheduling and collaboration features. A stored cross-site scripting vulnerability exists in HCL iNotes 9, 10, and 11. The vulnerability stems from improper handling of message content. An attacker can exploit this...
HCL Notes Denial of Service Vulnerability
HCL Notes is an enterprise email client. A denial of service vulnerability exists in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user-supplied input. A remote, unauthenticated attacker can exploit the vulnerability via a specially crafted email to cause the client...
HCL Software HCL Notes 输入验证错误漏洞
HCL Notes is an enterprise email client. A denial of service vulnerability exists in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user-supplied input. A remote, unauthenticated attacker can exploit the vulnerability via a specially crafted email to cause the client...
Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2020-47963)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in the MSHTML Engine in Microsoft IE versions 9 and 11, which arises from the program failing to properly validate input...
Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2021-24960)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Internet Explorer versions 9 and 11, which arises from the program not properly handling objects in memory...
Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2020-51780)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...
Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2020-51784)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...
PT-2020-1389 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 9 through 11 Description: A remote code execution issue exists due to incorrect handling of objects in memory by the scripting engine in Internet Explorer. This could allow an attacker to execute arbitrary code in t...
CVE-2018-8643
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10...
Kentico CMS Cross-Site Scripting Vulnerability
Kentico CMS is an enterprise-grade web content management system and customer experience management system. A cross-site scripting vulnerability exists in Kentico CMS versions 9 through 11, which can be exploited by an attacker to inject arbitrary web script or HTML...
CVE-2018-7046
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...
Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CNVD-2017-34446)
Internet Explorer IE is a web browser that comes with the Windows operating system. scripting engines is one of the JavaScript engine components. An information disclosure vulnerability exists in the scripting engine in versions 9, 10, and 11 of IE for Microsoft Windows, which arises from the...
Microsoft Internet Explorer and Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-12095)
Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10....
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-12101)
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote memory corruption vulnerability exists in Microsoft IE versions 9, 10, and 11. A remote attacker could exploit this...