2884 matches found
PT-2026-37280
Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with page editing permissions can perform stored Cross-Site Scripting XSS by injecting an executable JavaScript event-handler attribute into rendered image HTML. This occurs...
[SECURITY] Fedora 44 Update: emacs-30.2-23.fc44
GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor...
CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
EUVD-2018-21829
BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...
CVE-2018-25308
Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
PT-2026-35340
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
EUVD-2025-209568
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
PT-2026-34666
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
LangSmith Client SDKs 信息泄露漏洞
LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...
JIZHICMS 安全漏洞
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from the product’s editing module being vulnerable to SQL injection attacks...
CVE-2025-50229
CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2026-23753
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...