6047 matches found
CVE-2024-1711
The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
VulnCheck KEV: CVE-2018-19410
Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...
CVE-2024-57450
ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function...
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
PT-2025-3447 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions 1.5.0 and earlier Description: The issue allows for File Upload via the Create template function. Recommendations: For ChestnutCMS versions 1.5.0 and earlier, update to a version that fixes this issue. At the moment, ther...
ChestnutCMS security vulnerability
ChestnutCMS is an enterprise-level content management system with separated front end and back end, developed by the individual developer liweiyi. A security vulnerability exists in ChestnutCMS version 1.5.0 and prior versions, which stems from the ability to upload files via the Create Template feature...
CVE-2024-12171
CVE-2024-12171 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is a privilege-escalation flaw caused by a missing capability check on the eh_crm_agent_add_user AJAX action, affecting all versions up to and including 3.2.6. This allows authen...
UBUNTU-CVE-2025-21675
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create. Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers() always try to destroy all lag...
CVE-2025-24638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS. This issue affects Create with Code: from n/a through <= 1.4...
CVE-2025-24638 WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4...
CVE-2025-24638
CVE-2025-24638 is a DOM-Based XSS in the WordPress plugin Create with Code, affecting versions n/a through 1.4. It results from improper input neutralization during web page generation. Public sources (NVD, Red Hat, Wordfence) classify it as Cross-Site Scripting, with Wordfence noting a patch/Pat...
WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Create with Code versions <= 1.4...
PT-2025-5465 · Unknown · Create With Code
Name of the Vulnerable Software and Affected Versions: Create with Code versions n/a through 1.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This enables potential attackers to inject malicious scripts into the...
WordPress plugin Create with Code cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PYSEC-2025-131
lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the plutovg_surface_create component. An attacker can cause a denial of service by creating a surface with an excessively large size. Details: Denial of Service (DoS) describes a family of attacks, all aimed at maki...