26 matches found
WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Bold Page Builder versions <= 4.8.8...
MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data
Overview: On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world's most popular document-oriented databases. While...
WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobmonster versions <= 4.8.2...
CVE-2025-5397
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...
EUVD-2025-27163
Malicious code in bioql PyPI...
RuoYi Code Injection Vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameter configUrl in the file /swagger-ui/index.html...
RuoYi Code Injection Vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from incorrect operation of the function addSave in the file com/ruoyi/web/controller/system/SysNoticeController.java, which leads to...
RuoYi Security Vulnerability
RuoYi is a backend management system for individual developers in RuoYi, China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from the use of default credentials by the Druid component...
SEMCMS Security Vulnerability
SEMCMS is an open source content management system (CMS) for foreign trade websites with multilingual support. A security vulnerability exists in SEMCMS 4.8 and earlier versions, which stems from an unknown function in the file SEMCMSImages.php that can lead to SQL injection...
CVE-2024-21878
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is currentl...
PT-2024-19110 · Enphase · Enphase Iq Gateway
Name of the Vulnerable Software and Affected Versions: Enphase IQ Gateway formerly known as Envoy versions 4.x through 8.x and versions prior to 8.2.4225 Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as 'Command Injection'...
EasyCorp EasyAdmin Cross-Site Scripting Vulnerability
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting (XSS) vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in Autocomplete's function Autocomplete ...
Skyhigh Client Proxy Security Vulnerability
Skyhigh Client Proxy is a client proxy from Skyhigh. A security vulnerability exists in Skyhigh Client Proxy 4.8.1 and earlier versions, which stems from the presence of a control flow implementation error issue that allows an attacker to circumvent existing security controls...
PT-2023-29948 · Netmodule · Netmodule Router
Name of the Vulnerable Software and Affected Versions: NetModule Router Software versions 4.6 through 4.6.0.105 NetModule Router Software versions 4.8 through 4.8.0.100 Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...
CVE-2023-5534
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...
NetApp SnapCenter Security Vulnerability
NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, authenticate, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter versions 4.8 through 4.9 that originates from allowing authenticated...
NetApp SnapCenter Security Vulnerability
NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter version 4.7 up to and including version 4.7P2 and version 4.8 up to and includin...
SUSE CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3...
SUSE CVE-2020-15563
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...
PT-2023-19071 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to and including 4.8 Description: The issue concerns an out-of-bounds write in the BLE-L2CAP module of Contiki-NG, an open-source operating system for IoT devices. This module handles packet fragmentation up to the...