13812 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
CVE-2025-64529
SpiceDB prior to v1.45.2 is affected when the exclusion operator is used and a per-call payload is large due to --write-relationships-max-updates-per-call > 6500. In this scenario, WriteRelationships can return success for a failed operation and produce incorrect permission results if the affe...
CVE-2025-12837
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated...
EUVD-2025-38372
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated...
CVE-2025-12837 aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated...
CVE-2025-12837 aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated...
PT-2025-45566
Name of the Vulnerable Software and Affected Versions aThemes Addons for Elementor plugin for WordPress versions through 1.1.5 Description The aThemes Addons for Elementor plugin for WordPress has a flaw that allows for the injection of malicious web scripts. This is due to inadequate handling of...
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 7.14.7 and earlier and versions 8.0.0-beta.1 through 8.9.0, which originates from an attacker who can construct a malicious callid parameter to manipulate SQL...
CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
CVE-2025-64488
The CVE-2025-64488 affects SuiteCRM. An attacker can craft a malicious call_id to alter SQL query logic or inject arbitrary SQL, leading to unauthorized data access, data exfiltration, and potentially full database compromise. Affected versions: SuiteCRM 7.14.7 and earlier, and 8.0.0-beta.1 throu...
CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
PT-2025-45523
Name of the Vulnerable Software and Affected Versions SuiteCRM versions 7.14.7 and below SuiteCRM versions 8.0.0-beta.1 through 8.9.0 Description SuiteCRM is a Customer Relationship Management CRM software application. An attacker can manipulate the call id to modify SQL query logic or inject...
PT-2025-45466
Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description A Broken Object Level Authorization BOLA issue exists in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application. The API does not properly validate if the...
CVE-2025-12489
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...