5552 matches found
WordPress plugin SKT PayPal for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
PT-2025-48178
Name of the Vulnerable Software and Affected Versions Overhang.IO tutor-open-edx version 20.0.2 Description A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...
JLSEC-2025-227 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted ...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtlssslsethostname...
CVE-2025-59113
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
CVE-2025-63883
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...
CVE-2025-59113
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
CVE-2025-59113
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
EUVD-2025-197999
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...
PT-2025-47327
Name of the Vulnerable Software and Affected Versions electic-shop version 1.0 Description A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and...
Windu CMS 安全漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...
CVE-2025-56527
The CVE-2025-56527 entry concerns Kotaemon 0.11.0 where plaintext passwords are stored in the client’s localStorage. The associated CVSS 3.1 score is 7.5 (HIGH) with an attack vector of Network, attack complexity Low, no privileges required, no user interaction, and but with Confidentiality Impac...
PT-2025-47311
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts...
CVE-2025-63883
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...
Cinnamon kotaemon 安全漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...
CLSA-2025-1763374645 varnish: Fix of 2 CVEs
CVE-2024-30156: fix HTTP/2 flow control vulnerability allowing window credit exhaustion Broke Window Attack causing potential denial of service - CVE-2025-47905: fix client-side request smuggling via malformed HTTP/1 chunked requests...
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal...
Brightpick Mission Control 安全漏洞
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...
CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal...