IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the createDeleteCommand function of file article/default/delete that causes SQL injection...
Issabel PBX Cross-Site Scripting Vulnerability
Issabel PBX is a free and open source software application that allows you to build communication tools for your organization. A cross-site scripting vulnerability exists in Issabel PBX version v.4.0.0-6, which originates from a vulnerability that allows attackers to execute arbitrary...
PT-2023-12398 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an authenticated attacker to create alerts that trigger a stored XSS attack. This means an attacker with authentication credentials can...
KodExplorer Cross-Site Scripting Vulnerability
KodExplorer is a web file manager developed by the individual developer warlee. A security vulnerability exists in KodExplorer version 4.51, which stems from a cross-site scripting (XSS) vulnerability contained in the description box of the Create function, which can be exploited by an attacker by injecting XSS...
PT-2025-38350
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.142-1-generic, 5.10.142-1-hardened, 6.1.50-1-generic, and 6.1.90-1-generic Description: The Linux kernel contains a flaw in the net/mlx5e module, specifically within the mlx5e fs tt redirect any create...
CVE-2023-3506
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/supportticket of the component Create Ticket Page. The manipulation of the argument details with the input alert1 leads to...
Cross site scripting
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/supportticket of the component Create Ticket Page. The manipulation of the argument details with the input alert1 leads to...
PT-2023-19128 · WordPress · Wpgraphql
Name of the Vulnerable Software and Affected Versions: WPGraphQL versions 1.14.5 and earlier Description: A Server-Side Request Forgery (SSRF) issue affects WPGraphQL, allowing authenticated users with media upload capabilities to execute the createMediaItem mutation and potentially gain unwarrante...
CVE-2023-21201
In oncreaterecordevent of btifsdpserver.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android I...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in oncreaterecordevent in btifsdpserver.cc, where an out-of-bounds read is possible due to a missing null check, which could lead to a remote denial of service...
CVE-2023-34839
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
Cross site request forgery (CSRF)
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
Stored XSS at Search page
Description: Create a new item with an XSS payload. Then go to the Search page; the XSS vulnerability will be triggered. Proof of Concept: https://drive.google.com/file/d/1OB11FmQvy2-qRI9r1BlavKUxJ4kaMjp/view?usp=sharing Acknowledge: Tran Van Nhan from bl4ckh0l3 of GalaxyOne...
CVE-2023-36289
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
Supsystic Popup < 1.10.19 - Prototype Pollution
The plugin has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. 1. Create a pop-up that is set to load on any page. 2. Go to http://example.com/?protopoc=polluted. 3. Open the browser console. 4. Type poc and see polluted as the result...
Webkul QloApps Cross-Site Scripting Vulnerability
Webkul QloApps is a free and open source hotel reservation and online booking system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a cross-site scripting (XSS) vulnerability. An attacker can use this vulnerability to obtain a user's session cookie and then emula...
CVE-2023-36366
An issue in the logcreatedelta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements...
MonetDB Security Vulnerability
MonetDB is an open source column-oriented relational database management system from MonetDB Open Source. A security vulnerability exists in MonetDB Server versions 11.45.17 and 11.46.0, which stems from a security issue with the component logcreatedelta. An attacker could exploit the vulnerabili...