1433 matches found
imgproxy Code Issue Vulnerability
imgproxy is a fast and secure standalone server, from an individual developer, for adjusting and converting remote images. A code issue vulnerability exists in imgproxy that stems from the presence of a server-side request forgery vulnerability against 0.0.0.0...
CVE-2025-24361
The CVE-2025-24361 issue affects the Nuxt (Vue.js) dev-server workflow: when using the webpack (3.0.0–3.15.12) or rspack (3.12.2–3.152) builders, loading a malicious site can trigger source-code exposure. An attacker can use Function::toString on window.webpackChunknuxt_app values to reveal the Nuxt source....
PT-2025-1886 · WordPress · Brodos.Net Onlineshop Plugin
Name of the Vulnerable Software and Affected Versions: brodos.net Onlineshop Plugin plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode due to insufficient input sanitization and...
CVE-2025-24638 WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4...
IBM Planning Analytics Code Issue Vulnerability
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting, and analysis. A code issue vulnerability exists in IBM Planning Analytics versions 2.0...
Microsoft Excel Code Problem Vulnerability (CNVD-2025-02829)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code issue vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain functionality...
bootplus Code Issue Vulnerability
bootplus is a permission management framework by individual developer JoeyBling. A code issue vulnerability exists in bootplus, which stems from the parameter PortraitFile in the file src/main/java/io/github/controller/SysFileController.java that can lead to unrestricted uploads...
IBM Cognos Dashboards on Cloud Pak for Data Code Issue Vulnerability
IBM Cognos Dashboards on Cloud Pak for Data is a business intelligence tool from International Business Machines (IBM). A code issue vulnerability exists in IBM Cognos Dashboards on Cloud Pak for Data versions 4.0.7 and 5.0.0 that stems from dependency obfuscation...
WordPress plugin Multi Uploader for Gravity Forms Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Authenticated Stored XSS in YesWiki
Authenticated Stored XSS in YesWiki wiki-href'upload', $this-wiki-GetPageTag, "file=$this-file" . '" class="btn btn-primary" ' . t'UPLOADFILE' . ' ' . $this-file . ''; The file name attribute is not properly sanitized when returned to the client, therefore allowing the execution of malicious...
matrix-media-repo Code Issue Vulnerability
matrix-media-repo is a highly configurable multi-domain media repository for Matrix in the t2bot.io open source. A code issue vulnerability exists in matrix-media-repo that stems from the fact that if Matrix Media Repo has SVG or JPEGXL thumbnails enabled, a user can upload files claiming to be o...
Mattermost Code Issue Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a code issue vulnerability that stems from a failure to properly validate a proto style provided to an action style, which can be exploited by an attacker to crash the front-end...
WUZHI CMS Code Issue Vulnerability
WUZHI CMS is a PHP and MySQL based open source content management system (CMS) from WUZHI. A code issue vulnerability exists in WUZHI CMS version 4.1.0, which stems from the parameter sphinxhost/sphinxport being susceptible to server-side request forgery attacks...
Microsoft Office Code Issue Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. Common components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code issue vulnerability exists in Microsoft Office. An attacker exploiting this vulnerability cou...
CampCodes Computer Laboratory Management System Code Issue Vulnerability
CampCodes Computer Laboratory Management System is a computerized laboratory management system from CampCodes, Inc. A code issue vulnerability exists in CampCodes Computer Laboratory Management System version 1.0 due to an unrestricted upload of the parameter ephoto...
VMware Aria Automation Code Issue Vulnerability
VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A code issue vulnerability exists in VMware Aria Automation. An attacker exploiting this vulnerability could...
CVE-2024-56585
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 "LoongArch: Fix sleeping in atomic context in setup_tlb_handler()" changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for...
CVE-2024-56575 media: imx-jpeg: Ensure power suppliers be suspended before detach them
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function...
JetBrains TeamCity Code Issue Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A code issue vulnerability exists in JetBrains...
Delta Electronics DTM Code Issue Vulnerability
Delta Electronics DTM is a series of temperature controllers from Delta Electronics China. A code issue vulnerability exists in Delta Electronics DTM, which can be exploited by an attacker to execute arbitrary code...