3862 matches found
MantisBT Security Vulnerability
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from an unvalidated comment length...
CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...
CVE-2025-11983
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discourse_permalink custom field...
EUVD-2025-37422
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discourse_permalink custom field...
CVE-2025-11983 WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials Api-Key and Api-Username headers to any host specified in a post's discourse_permalink custom field...
CVE-2025-11983
The WP Discourse WordPress plugin (versions up to and including 2.5.9) exposes Discourse API credentials (Api-Key and Api-Username) by unconditionally sending them to any host specified in a post’s discourse_permalink field during comment synchronization. This information exposure can be exploite...
PT-2025-44710
Name of the Vulnerable Software and Affected Versions: WP Discourse plugin for WordPress versions through 2.5.9. Description: The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...
EUVD-2025-37172
Malicious code in epic-comment-rating npm...
Malicious code in epic-comment-rating-frontend (npm)
Source: amazon-inspector 42e3cd259d5ade70b14b1659d77f4d7271460e40c6329a4c9dd43c8727e251da The package epic-comment-rating-frontend was found to contain malicious code...
Malicious code in epic-comment-rating (npm)
Source: amazon-inspector b482eaca9889c0f8ac5d950fc6630478102d1ced2132fb08c5ad85366b6954ac The package epic-comment-rating was found to contain malicious code...
Malicious code in epic-comment-rating-service (npm)
Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...
EUVD-2025-37170
Malicious code in epic-comment-rating-service npm...
EUVD-2025-37171
Malicious code in epic-comment-rating-frontend npm...
MAL-2025-49121 Malicious code in epic-comment-rating (npm)
Source: amazon-inspector b482eaca9889c0f8ac5d950fc6630478102d1ced2132fb08c5ad85366b6954ac The package epic-comment-rating was found to contain malicious code...
MAL-2025-49122 Malicious code in epic-comment-rating-frontend (npm)
Source: amazon-inspector 42e3cd259d5ade70b14b1659d77f4d7271460e40c6329a4c9dd43c8727e251da The package epic-comment-rating-frontend was found to contain malicious code...
MAL-2025-49123 Malicious code in epic-comment-rating-service (npm)
Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...
EUVD-2025-37011
Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...