57 matches found
ELADMIN 授权问题漏洞
ELADMIN is a backend management system for elunez individual developers. An authorization issue vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from an improper authorization issue in the /api/logs/error/1 file...
CVE-2025-58606
Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through = 1.3.0...
PT-2025-34999
Name of the Vulnerable Software and Affected Versions: wptableeditor Table Editor versions n/a through 1.6.4 Description: A Cross-Site Request Forgery CSRF issue exists in wptableeditor Table Editor, allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...
CVE-2025-58192
Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through = 1.3.6...
CVE-2025-49040
CVE-2025-49040 is a CSRF vulnerability in the WordPress plugin Backup Bolt. Public details indicate it affects versions up to 1.4.1 (initial description), with Patchstack noting vulnerable versions up to 1.5.0. CVSS 3.1 base score 4.3 (Medium) with network attack vector, low attack complexity, no...
CVE-2025-57805
CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...
Dpanel has an arbitrary file read vulnerability
Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...
CVE-2025-49408
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7...
CVE-2025-54049
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...
PT-2025-34020
Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.5.3 Description: The software contains a vulnerability that allows for the upload of files with dangerous types. This enables the use of malicious files...
CVE-2025-52797
Cross-Site Request Forgery CSRF vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through = 2.1...
CVE-2025-53587
CVE-2025-53587 – WordPress Findgo Theme CSRF : The Findgo WordPress theme (ApusTheme Findgo) is affected up to version 1.3.57. The vulnerability is a Cross-Site Request Forgery (CSRF) that could allow an attacker to perform actions on behalf of an authenticated user. Public sources in the connect...
CVE-2025-8812 atjiu pybbs Admin Panel settings cross site scripting
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2021-2056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Difficult to exploi...
CVE-2025-39403
CVE-2025-39403 is an unauthenticated SQL Injection vulnerability in the WordPress WPAMS (Apartment Management System) plugin, affecting versioned releases up to 44.0 (as of 17-08-2023). The root cause is improper neutralization of special elements in SQL commands, enabling attackers to exploit th...
CVE-2025-47648
Cross-Site Request Forgery CSRF vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through = 2.6...
CVE-2025-31434
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.19...
PT-2024-31181 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: The issue is a stack overflow that occurs through the adv.iptv.stbpvid parameter in the setIptvInfo function. This allows for potential exploitation. No information is provided about the estimated...
CVE-2024-43307
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2...