42 matches found
WWBN AVideo Information Disclosure Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to version 29 contain an information leakage vulnerability. This vulnerability stems from the git.json.php file located in the root directory, which executes and returns the complet...
WordPress Responsive Blocks plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions <= 2.0.5...
MINI-QF3F-9GPG-5MG7
Bulletin has no description...
WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Cost of Goods for WooCommerce versions <= 3.7.0...
WordPress Push Notification for Post and BuddyPress plugin <= 1.93 - Multiple Unauthenticated SQLi vulnerability
Multiple Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Push Notification for Post and BuddyPress versions <= 1.93...
WordPress Ajax Load More plugin <= 7.3.1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Ajax Load More versions <= 7.3.1.2...
WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Michael in WordPress Plugin Cost Calculator for Elementor versions <= 1.3.3...
WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Progress Bar versions <= 2.2.3...
WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Products without featured images versions <= 0.1...
WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.19...
WordPress Gravel Theme <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Gravel; Type: Theme; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-31418; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 8d65d0e5dbda; Credits: Mika; Required privilege: Unauthenticated...
WordPress WP Plugin Info Card plugin <= 5.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin WP Plugin Info Card versions <= 5.3.0...
JVN#39139884: Movable Type vulnerable to cross-site scripting
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Apply the appropriate update according to the information provided by the developer. The develop...
JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification
Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...
JVN#16690037: Multiple cross-site scripting vulnerabilities in php_mailform
php_mailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...
JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...
JVN#83739174: Cybozu Mailwise vulnerable to directory traversal
Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Impact A remote attacker may delete arbitrary files on the server. Solution Update the Software Update to the latest version according to the...
JVN#39171169: Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries
Installer of ChatWork Desktop App for Windows provided by ChatWork Co,. LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use t...
JVN#79301396: Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries
Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update the plug-...
JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries
The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use...