PT-2024-38541 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS versions up to 0.1.5 Description: A vulnerability was found in the New Article Category Page component of FastCMS, affecting an unknown function. This issue leads to cross-site scripting and can be exploited remotely. The exploit has...
CVE-2024-41614
symphonycms =2.7.10 is vulnerable to Cross Site Scripting XSS in the Comment component for articles...
Exploit for Path Traversal in Stitionai Devika
CVE-2024-40422 Found this on exploit-db, decided to make my ow...
Desdev DedeCMS Security Vulnerability
DedeCMS is a popular content management system widely used to create and manage website content for a variety of application scenarios such as corporate websites and personal blogs. A code injection vulnerability exists in the articletemplaterand.php file in DedeCMS version 5.7.114. The...
PT-2024-37978 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: A critical issue has been found in DedeCMS, affecting an unknown part of the file article template rand.php. This issue leads to code injection and can be initiated remotely. The exploit has been disclosed...
Malicious code in sap-article (npm)
Source: ossf-package-analysis (0d56eeb9b4a26f6103695bcaa3f5641cf0ecfcdb6c599bd9ad4c0ea8cf0812af). The OpenSSF Package Analysis project identified 'sap-article' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
CVE-2024-39174
A cross-site scripting XSS vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...
Yzmcms Security Vulnerabilities
Yzmcms is an open source content management system (CMS) by the individual developer of Yzmcms. A security vulnerability exists in Yzmcms version 7.1, stemming from a cross-site scripting vulnerability in the Publish Article feature, which allows an attacker to execute arbitrary Web script or HT...
PT-2024-28378 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: yzmcms version 7.1 Description: A cross-site scripting XSS vulnerability in the Publish Article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. Recommendations: For...
CVE-2024-39174
CVE-2024-39174 affects yzmcms v7.1, where the Publish Article function is vulnerable to cross-site scripting (XSS) via a crafted payload injected into a published article. The issue is described consistently across sources (RH, NVD, OSV, CNNVD, CVE listings) as a reflected/stored-style XSS vulner...
New Support Website - July 15th 2024
New Support Website - July 15th 2024. Support.Citrix.com is migrating to a new platform. This is the main website for hosting public CTX knowledge articles and for customers to create and view their support cases. This new platform will launch on July 15th 2024. Callback and LiveChat are dependent ...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand
WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes...
Progress MOVEit Transfer 2023.0.x < 2023.0.11 / 2023.1.x < 2023.1.6 / 2024.0.x < 2024.0.2 Authentication Bypass (June 2024)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an authentication bypass vulnerability as referenced in Progress Community article 000259290. - Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead...
CVE-2024-37791
DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?classid...
DuxCMS SQL Injection Vulnerability
DuxCMS is an open source content management system. A SQL injection vulnerability exists in DuxCMS version v3.1.3, originating from the keyword parameter in /article/Content/index?classid...
PT-2024-27753 · Duxcms3 · Duxcms3
Name of the Vulnerable Software and Affected Versions: DuxCMS3 version 3.1.3 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the keyword parameter at the "/article/Content/index?class id" API endpoint. Recommendations: For DuxCMS3 versio...
2024-06 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5039211)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...