CVE-2025-15572

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer a...

CVE-2025-15572 wasm3 NewCodePage memory leak

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer a...

Wasm3 安全漏洞

Wasm3 is an open-source, fast WebAssembly interpreter and the most versatile WASM runtime. Versions of Wasm3 prior to 0.5.0 have security vulnerabilities, which stem from a memory leak in the NewCodePage function...

CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page"...

CVE-2025-14056

The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all versions up to, and including, 1.18.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-14056

CVE-2025-14056 concerns the WordPress plugin Custom Post Type UI. It is a Stored Cross-Site Scripting (XSS) via the 'label' parameter during import, affecting all versions up to 1.18.1. An authenticated attacker with Administrator-level access can inject scripts that execute on the Tools → Get Co...

CVE-2024-24701

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

PHP 操作系统命令注入漏洞

PHP is a scripting language for PHP that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.29, prior to 8.2.20, and prior to 8.3.8, which stems from a misconfiguration when using a Windows code page with a non-standard configuration that points to the OEM...

CVE-2024-47611

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...

CVE-2024-41658 GHSL-2024-036: Reflected XSS in QrCodePage.js

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...

CVE-2024-24701

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

CVE-2024-24701

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

CVE-2024-24701 WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

CVE-2024-24701

CVE-2024-24701 is a CSRF vulnerability in Setka Editor (WordPress plugin: setka-editor)

PT-2024-20497 · Native Grid Llc +2 · A No-Code Page Builder For Beautiful Performance-Based Content +2

Name of the Vulnerable Software and Affected Versions: A no-code page builder for beautiful performance-based content versions n/a through 2.1.20 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performin...

PortlandLabs Concrete CMS SEO-Extra Feature Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in the PortlandLabs Concrete CMS SEO-Extra feature, which can be exploited by an attacker to execute arbitrary code via a...

CVE-2022-28966

Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3code.c called indirectly from CompileBranchTable in m3compile.c...

PYSEC-2022-43153

Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3code.c called indirectly from CompileBranchTable in m3compile.c...

CVE-2021-24239

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue...