2439 matches found
CVE-2025-8149
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9378
The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-8613
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...
PT-2025-35872
Name of the Vulnerable Software and Affected Versions: SAEMM affected versions not specified Description: An out-of-bounds read issue exists in the SAEMM DiscloseMsId function within SAEMM RadioMessageCodec.c. This could lead to remote information disclosure after authentication, requiring no...
CVE-2025-20280 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This...
SRC-2025-0005 : Samsung MagicINFO 9 Server ContentSaveServiceImpl getMediaSourceFromNewFile File Upload Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
Linux Distros Unpatched Vulnerability : CVE-2021-21324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...
CVE-2025-8613
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-9273 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-9273 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-8613
The CVE-2025-8613 issue affects Vacron Camera devices, specifically a command injection in the webs.cgi endpoint. The flaw arises from insufficient validation of a user-supplied string before it is used to perform a system call, allowing an unauthenticated attacker to execute code with root privi...
CVE-2025-8613 Vacron Camera ping Command Injection Remote Code Execution Vulnerability
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi...
CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-57425
A Stored Cross-Site Scripting XSS vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...
Linux Distros Unpatched Vulnerability : CVE-2018-12483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscoveranalyser rzo GET...
CVE-2025-40707 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-46409
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker...
CVE-2025-46409
SS1 is affected by CVE-2025-46409 (Inadequate encryption strength) in SS1 Ver.16.0.0.10 and earlier (Media 16.0.0a and earlier). The issue may allow a remote, unauthenticated user to access a function that requires authentication. Public references also document additional vulnerabilities in SS1 ...