9 matches found
CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...
CVE-2025-34245
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34242
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
PT-2025-45361
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the AjaxFwRulesController.ajaxDeviceFwRulesAction function. An authenticated, low-privileged user can inject SQL code through datatable...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
EUVD-2025-36881
Drupal Acquia DAM allows Forceful Browsing...
GHSA-X957-32V9-M7VG Drupal Acquia DAM allows Forceful Browsing
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5...
Drupal Acquia DAM 安全漏洞
Drupal Acquia DAM is a data synchronization plugin for the Drupal community. A security vulnerability exists in Drupal Acquia DAM versions prior to 1.1.5, which stems from a lack of authorization and could lead to a forced browsing attack...
UBUNTU-CVE-2016-4068
Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864...