320 matches found
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
CVE-2025-67705
creationtimestamp| type| source ---|---|--- 2026-01-01 00:36:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbd56v7z2r2c 2026-01-02 18:51:10+00:00| seen| Telegram/jewkuyTggD2PWaKrabPFdcCxroyUzLRM-AR1O-LdmNxSvc...
CVE-2025-62141 WordPress Wawp plugin <= 4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through = 4.4...
CVE-2025-66444 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Data Center Analytics component and Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-0...
appRain CMF 代码问题漏洞
appRain CMF is a content management framework from appRain Canada. A code issue vulnerability exists in appRain CMF version 4.0.5 that originates from an authenticated user being able to upload a malicious PHP file via the file manager, which could lead to remote code execution...
CVE-2025-65230
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting XSS vulnerability in the Web UI Configuration Streaming Destination input...
RHEL 9 : grub2 (RHSA-2025:20532)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20532 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
CVE-2025-32222
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...
CVE-2025-64323 kgateway is missing xDS authorization
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...
CVE-2022-50596
creationtimestamp| type| source ---|---|--- 2025-11-06 22:26:04+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4ym6hjdpf2u...
GHSA-27MC-9399-R9MX Drupal Access code allows Brute Force Attempts
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5...
Amazon Linux 2 : glibc, --advisory ALAS2-2025-3040 (ALAS-2025-3040)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3040 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It...
EUVD-2025-36014
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through = 4.0.5...
CVE-2022-50580
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...
CVE-2022-50560
In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because componentmasterdel wasn't being called when unloading the mesondrm module, the aggregate device would linger forever in the global aggregatedevices list...
CVE-2025-60232
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...
CVE-2022-50561
In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iiodeviceregistereventset When iiodeviceregistersysfsgroup returns failed, iiodeviceregistereventset needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced...
EUVD-2025-34788
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...
CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
PT-2025-42549
Name of the Vulnerable Software and Affected Versions Xpdf versions prior to 4.06 Description A flaw exists in Xpdf versions 4.05 and earlier related to PDF object handling within CMap structures. Specifically, a loop in a CMap, triggered through the "UseCMap" entry, can result in infinite...