15 matches found

CNNVD
added 2026/03/10 12:0 a.m. · 3 views

Sylius cross-site scripting vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...

CVSS 6.1 · AI score 5.6 · EPSS 0.00051
Exploits: 0 · References: 1
CNNVD
added 2026/03/06 12:0 a.m. · 5 views

Gokapi access control error vulnerability

Gokapi is a lightweight, self-hosted alternative to Firefox Send by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained an access control vulnerability, which was caused by a flaw in the user downgrade logic, potentially leading to privilege escalation...

CVSS 5.4 · AI score 7.2 · EPSS 0.00008
Exploits: 0 · References: 3
CNNVD
added 2026/03/06 12:0 a.m. · 2 views

Gokapi access control error vulnerability

Gokapi is a lightweight, self-hosted alternative to Firefox Send by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained an access control vulnerability. This vulnerability stemmed from the SSE implementation for upload status on /uploadStatus, which exposed the global upload status to an...

CVSS 6.4 · AI score 7.3 · EPSS 0.00009
Exploits: 0 · References: 2
Positive Technologies
added 2025/12/02 12:0 a.m. · 1 views

PT-2025-48714

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php...

AI score 6.9 · EPSS 0.0009
Exploits: 1 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2012-4696

Malware in sbrugna...

CVSS 4.3 · AI score 6.1 · EPSS 0.06444
Exploits: 5 · References: 9
RedhatCVE
added 2025/08/20 4:27 p.m. · 3 views

CVE-2025-54117

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

CVSS 9 · AI score 5.2 · EPSS 0.00056
Exploits: 1 · References: 1
Positive Technologies
added 2024/12/14 12:0 a.m. · 2 views

PT-2024-17200 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin versions prior to 2.2.3
Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the fieldfor, visibleParent, and id parameters due to insufficient escaping on user-supplied parameters and la...

CVSS 4.9 · AI score 7.7 · EPSS 0.00522
Exploits: 0 · References: 11
CNNVD
added 2024/10/08 12:0 a.m. · 1 views

WordPress plugin Custom Twitter Feeds command injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A command injection...

CVSS 4.8 · AI score 7.4 · EPSS 0.00196
Exploits: 1 · References: 3
CNNVD
added 2023/03/13 12:0 a.m. · 2 views

WordPress Plugin FluentSMTP cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.4 · AI score 6.4 · EPSS 0.00181
Exploits: 2 · References: 2
Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-2540 · Werkzeug +6 · Werkzeug +6

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 2.2.3
Description: The issue is related to the multipart form data parser in Werkzeug, which can parse an unlimited number of parts, including file parts. This can cause unexpectedly high resource usage if a request...

CVSS 9.8 · AI score 6.1 · EPSS 0.4365
Exploits: 2 · References: 82
Positive Technologies
added 2022/08/03 12:0 a.m. · 1 views

PT-2022-18526 · Synology · Synology Sso Server

Name of the Vulnerable Software and Affected Versions: Synology SSO Server versions prior to 2.2.3-0331
Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote authenticated users to read arbitrary files via unspecified vectors.
Recommendations...

CVSS 6.8 · AI score 6.7 · EPSS 0.0021
Exploits: 0 · References: 4
CNNVD
added 2022/08/03 12:0 a.m. · 2 views

Synology SSO Server path traversal vulnerability

Synology SSO Server is a server software from China-based Synology Inc. that provides single sign-on functionality. A path traversal vulnerability exists in Synology SSO Server versions prior to 2.2.3-0331, which stems from an improper restriction on the pathname of a restricted directory in the...

CVSS 6.8 · AI score 5.6 · EPSS 0.0021
Exploits: 0 · References: 3
Microsoft CVE
added 2022/04/23 7:0 a.m. · 1 views

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

...

CVSS 5.3 · AI score 5.2 · EPSS 0.00271
Exploits: 2
OSV
added 2021/03/15 10:15 p.m. · 0 views

CVE-2020-27278

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface...

CVSS 5.2 · AI score 5.8
Exploits: 0 · References: 1
CNVD
added 2017/05/10 12:0 a.m. · 2 views

Hipchat Server Arbitrary Code Execution Vulnerability

Hipchat Server is a set of team chat tools that supports group and 1-to-1 voice and video chat with screen sharing. A security vulnerability exists in Hipchat Server versions prior to 2.2.3. A remote attacker could exploit the vulnerability to execute arbitrary code via an imported file...

CVSS 9.1 · AI score 7.7 · EPSS 0.0216
Exploits: 1 · References: 1