CVE-2025-67438

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

AZL-71566 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.55.0-27

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

IFM Moneo Appliance 授权问题漏洞

The IFM Moneo Appliance QHA200 and the IFM Moneo Appliance QHA210 are both pieces of hardware from IFM Germany that are used to operate Moneo in the production process. An authorization issue vulnerability exists in IFM Moneo Appliance versions prior to 1.9.3. An attacker could exploit this...

DEBIAN-CVE-2021-42836

GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack...

CVE-2021-24665

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVE-2021-24495

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue...

CVE-2021-3570

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...

VMware Harbor Container Registry for Pivotal Platform Elevation of Privilege Vulnerability

VMware Harbor Container Registry for Pivotal Platform is a product of VMware. An elevation of privilege vulnerability exists in VMware Harbor Container Registry for Pivotal Platform version 1.9 prior to 1.9.3 and version 1.8 prior to 1.8.6. The vulnerability can be exploited to reset passwords an...

CVE-2011-1058

Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...

CVE-2011-1058

Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...

PYSEC-2010-18

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/SlideShow.py, 2 action/anywikidraw.py, and 3 action/languagesetup.py, a similar issue to CVE-2010-2487...