16 matches found
Vinades NukeViet Cross-Site Scripting Vulnerability
Vinades NukeViet is an open-source content management system (CMS) developed by the Vietnamese company Vinades. Vinades NukeViet versions 4.5.07 and earlier have a cross-site scripting vulnerability. This vulnerability stems from insufficient input sanitization on the server side, which could lead...
CVE-2026-1517
A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to SQL injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...
WordPress Essential Blocks plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Blocks for Gutenberg versions <= 4.5.3...
WordPress CouponXxL Theme <= 4.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CouponXxL; Type: Theme; Vulnerable versions: <= 4.5.0; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-58013; Patch priority: Low; CVSS severity: Low 8.8; PSID: 7ea2a224d874; Credits: Bonds; Required privilege...
CVE-2025-59689
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...
CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
WordPress DSGVO All in one for WP plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin DSGVO All in one for WP versions <= 4.5...
PT-2024-9269 · Mitel · Mitel 6869I
Name of the Vulnerable Software and Affected Versions: Mitel 6869i versions 4.5.0.41 and earlier; Mitel 6869i versions 5.x through 5.0.0.1018. Description: A command injection issue exists in the hostname parameter taken in by the "provis.html" endpoint. The "provis.html" endpoint performs no...
WordPress Just Writing Statistics plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rayhan Ramdhany Hanaputra (Patchstack Alliance) in WordPress Plugin Just Writing Statistics versions <= 4.5...
TIBCO Software EBX Add-ons SQL Injection Vulnerability
TIBCO Software EBX Add-ons is an add-on from TIBCO Software, Inc. that enhances the functionality of the Tibco Ebx data management platform. A security vulnerability exists in TIBCO EBX Add-ons versions 4.5.17 and earlier, 5.6.2 and earlier, and 6.1.0, which stems from an easily exploitable...
Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service application crash via an @ character before a JavaScript field name...
CVE-2021-22531
A bug exists in the input parameter of Access Manager that allows supplying an invalid character to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0...
ALPINE-CVE-2020-25599
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...
CVE-2020-3759
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure...
EMC Documentum D2 DQL Injection Vulnerability
EMC Documentum D2 is an enterprise-class content management system from EMC. The system manages the entire information lifecycle through creation, modification, tracking and other functions, and it includes a number of extensions, such as Documentum Web Publisher Web Content Management, Documentu...
Xen Denial of Service Vulnerability (CNVD-2015-07236)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...