29 matches found

GitHub Security Blog
added 2026/02/19 8:30 p.m. | 5 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact: Stored XSS vulnerability in html fieldtypes allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 6.3.2 and 5.73.9...

CVSS 8.1 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/01/27 9:15 p.m. | 2 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVSS 9.8 | EPSS 0.00041
Exploits: 0 | References: 3

Patchstack
added 2026/01/27 7:33 a.m. | 4 views

WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Theme WPJobster versions <= 6.3.5...

AI score 5.9
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/12/19 7:32 a.m. | 2 views

CVE-2025-60084

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 7:32 a.m. | 2 views

CVE-2025-60083

Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through = 6.5.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 1

EUVD
added 2025/10/07 6:3 p.m. | 2 views

EUVD-2025-32721

Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This issue affects Automation Runtime: from 6.0 before 6.3, before Q4.93...

CVSS 10 | AI score 6.5 | EPSS 0.00064
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 3:19 a.m. | 2 views

CVE-2023-23778

A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...

CVSS 6.5 | AI score 6.7 | EPSS 0.00424
Exploits: 0 | References: 1

CNNVD
added 2025/05/23 12:0 a.m. | 1 view

WordPress plugin Nasa Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 7.7 | EPSS 0.00547
Exploits: 0 | References: 1

CNNVD
added 2025/04/18 12:0 a.m. | 2 views

IBM Sterling Connect:Direct Web Services security vulnerability

IBM Sterling Connect:Direct Web Services is a file-based, peer-to-peer file transfer solution from International Business Machines IBM. A security vulnerability exists in IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0 that stems from improper authorization and could...

CVSS 6.5 | AI score 6.4 | EPSS 0.00019
Exploits: 0 | References: 1

CNNVD
added 2025/04/10 12:0 a.m. | 3 views

IBM Sterling Control Center security vulnerability

IBM Sterling Control Center is an application system from International Business Machines IBM, Inc. A centralized monitoring and management system. A security vulnerability exists in IBM Sterling Control Center versions 6.2.1, 6.3.1, and 6.4.0 that originates from a web page that can be stored...

CVSS 4 | AI score 6.3 | EPSS 0.0007
Exploits: 0 | References: 1

CNNVD
added 2024/11/14 12:0 a.m. | 4 views

DInGO dLibra cross-site scripting vulnerability

DInGO dLibra is a digital library system from DInGO, Inc. A cross-site scripting vulnerability exists in DInGO dLibra versions 6.0 through prior to 6.3.20, which stems from the presence of Reflective Cross-Site Scripting XSS, where an attacker may be able to use a crafted URL to cause the script ...

CVSS 5.3 | AI score 5.3 | EPSS 0.01397
Exploits: 0 | References: 4

CNNVD
added 2024/08/28 12:0 a.m. | 1 view

NetIQ Advanced Authentication security vulnerability

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1 that stems from an insufficien...

CVSS 8.8 | AI score 6.5 | EPSS 0.00041
Exploits: 0 | References: 2

OSV
added 2023/11/30 4:15 p.m. | 0 views

CVE-2023-5803

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2023/04/10 12:0 a.m. | 2 views

Wacom Driver link following vulnerability

Wacom driver is a driver for connecting and managing platform computers. A security vulnerability exists in Wacom Driver 6.3.46-1 and earlier versions that stems from an arbitrary file deletion vulnerability...

CVSS 7.3 | AI score 7.5 | EPSS 0.02036
Exploits: 2 | References: 5

OSV
added 2023/02/16 7:15 p.m. | 1 view

CVE-2023-23779

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 1

OSV
added 2023/02/16 7:15 p.m. | 2 views

CVE-2022-30300

A relative path traversal vulnerability CWE-23 in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2022/05/26 12:0 a.m. | 1 view

Archer Platform security vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.3 through 6.11 that stems from incorrect access control in the SSO ADFS functionality. A malicious user may be able to exploit this vulnerability to...

CVSS 9.6 | AI score 7.8 | EPSS 0.00501
Exploits: 0 | References: 3

OSV
added 2022/04/06 4:15 p.m. | 3 views

CVE-2021-41026

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...

CVSS 6.5 | AI score 5.9 | EPSS 0.00503
Exploits: 0 | References: 1

CNNVD
added 2021/11/02 12:0 a.m. | 2 views

Fortinet FortiWeb resource management error vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in versions...

CVSS 7.5 | AI score 5.7 | EPSS 0.01116
Exploits: 0 | References: 2

OSV
added 2019/10/24 6:15 p.m. | 1 view

CVE-2019-8080

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation...

CVSS 6.1 | AI score 5.8 | EPSS 0.0085
Exploits: 0 | References: 1