CVE-2019-25465

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

org.apache.syncope.client.am:syncope-client-am-console (>=3.0.0 <=3.0.15), org.apache.syncope.client.am:syncope-client-am-enduser (>=3.0.12 <=3.0.15) +13 more potentially affected by CVE-2026-23794 via org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (>=3.0.0 <=3.0.15)

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui MAVEN version =3.0.0, =3.0.0, =3.0.12, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.15 - org.apache.syncope.ext.saml2sp4ui:syncope-ext-saml2sp4...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1207 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1207 Source advisory: OSV:GHSA-MWM9-4648-F68Q...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1287 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1287 Source advisory: OSV:PYSEC-2026-46...

CVE-2025-1529

The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVE-2025-69006

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through = 1.13.1...

EUVD-2025-205737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through = 1.13.1...

CVE-2025-69006

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through = 1.13.1...

CVE-2025-69006 WordPress AM Events plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through = 1.13.1...

CVE-2025-69006

Technical details about CVE-2025-69006 are not provided in the supplied documents; no vendor, product version, impact, or remediation specifics are included beyond the basic description.

CVE-2025-69006 WordPress AM Events plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through = 1.13.1...

WordPress plugin AM Events 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-53888

Name of the Vulnerable Software and Affected Versions Atte Moisio AM Events versions through 1.13.1 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can ...

WordPress AM Events plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin AM Events versions = 1.13.1...

WordPress plugin Upload.am 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

EUVD-2025-147003

Malicious code in uinsu-lisa-am npm...

CVE-2025-53245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

PT-2025-45221

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

WSO2多款产品 安全漏洞

WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists i...

albibong (>=1.0.0 <=1.1.10), am-viewer (>=1.1.0 <=4.0.1) +70 more potentially affected by unknown CVE via scapy (>=2.2.0.dev0 <=2.6.1)

scapy PYPI version =2.2.0.dev0, =1.0.0, =1.1.0, =1.0.3, =1.2.0, =1.2.0, =0.0.1, =1.2.5, =1.0.8, =0.0.4, =0.1.8, =0.2.5, =0.1.3, =1.2.1b0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CQ46-M9X9-J8W2...