14 matches found
CVE-2025-67269
A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...
PT-2025-7190 · Unknown · Shambhu Patnaik Rss Filter
Name of the Vulnerable Software and Affected Versions: Shambhu Patnaik RSS Filter versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-4948 · Cubepm · Cubepm
Name of the Vulnerable Software and Affected Versions: CubePM versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts in...
PT-2024-36123 · Unknown · Think201 Easy Replace
Name of the Vulnerable Software and Affected Versions: Think201 Easy Replace versions n/a through 1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...
PT-2024-35291 · Unknown · Aaron Robbins Post Ideas
Name of the Vulnerable Software and Affected Versions: Aaron Robbins Post Ideas versions n/a through 2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows SQL Injection. This means an attacker can trick a user into performing unintended actions on the web...
PT-2024-31651 · Unknown · Manu225 Flipping Cards
Name of the Vulnerable Software and Affected Versions: Manu225 Flipping Cards versions n/a through 1.30 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: Fo...
PT-2024-27643 · Unknown · Image Hover Effects - Caption Hover With Carousel
Name of the Vulnerable Software and Affected Versions: Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
PT-2024-22474 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: The issue allows a local attacker to cause a denial of service (DoS) via the fill input buffer function when reading images in JPEG format. Recommendations: For FreeImage version 3.19.0 r1909, conside...
PT-2024-18876 · Unknown · Sourcecodester Online Mobile Management Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A vulnerability was found in the software, classified as problematic. It affects an unknown function of the file /endpoint/update-tracker.php. The manipulation of the...
PT-2024-20431 · Public Knowledge · Pkp Ojs
Name of the Vulnerable Software and Affected Versions: Pkp OJS version 3.4 Description: The issue allows an attacker to execute arbitrary code via the input subtitle component. This is a Cross Site Scripting vulnerability. Recommendations: For Pkp OJS version 3.4, consider disabling the input...
PT-2024-14174 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar versions prior to 9.7.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
PT-2023-31805 · Unknown · Brizy – Page Builder
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder versions 2.4.29 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
PT-2023-23252 · Baidu · Baidu Tongji Generator
Name of the Vulnerable Software and Affected Versions: Baidu Tongji generator versions n/a through 1.0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. Recommendations: For versions n/a through 1.0.2, as a...
PT-2023-20462 · Lexmark · Lexmark
Name of the Vulnerable Software and Affected Versions: Lexmark devices through 2023-02-19 Description: The issue is related to mishandling Input Validation. A proof of concept (PoC) has been published for a critical vulnerability in Lexmark printers, which allows for privilege escalation. There hav...