15202 matches found
GIMP 安全漏洞
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from the improper validation of data length during the parsing of ICO files. This issue occurs when data provided by users is copied into a heap-based buffer without proper validati...
PDF-XChange Editor 代码问题漏洞
PDF-XChange Editor is a PDF file viewing software developed by PDF-XChange Company, which runs on Microsoft Windows systems. PDF-XChange Editor has a code vulnerability that stems from the TrackerUpdate process loading libraries from an insecure location, which may lead to local privilege...
WordPress plugin WooCommerce Bulk Product Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
GIMP 缓冲区错误漏洞
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a buffer error vulnerability, which stems from the lack of validation of data provided to users during the parsing of XWD files. This vulnerability may lead to out-of-bounds writing and remote code execution...
GHSA-34P4-7W83-35G2 Formwork Improperly Managed Privileges in User creation
Summary The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
Formwork Improperly Managed Privileges in User creation
Summary The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
CVE-2026-26059
CVE-2026-26059 affects ChurchCRM prior to 6.8.2 and is a stored XSS in GroupEditor.php: an authenticated user with group-edit permissions could store a JavaScript payload that executes when the group is viewed. The issue is fixed in version 6.8.2. If upgrading is possible, apply 6.8.2 or newer to...
CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +53 more potentially affected by CVE-2026-27122 via svelte (>=5.0.0-next.1 <=5.51.2)
svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =0.1.1-alpha.24, =0.1.3-next.2 and more Source cves: CVE-2026-27122 Source advisory: SNYK:JS-SVELTE-15322733...
@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +53 more potentially affected by CVE-2026-27121 via svelte (>=5.0.0-next.1 <=5.51.2)
svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =0.1.1-alpha.24, =0.1.3-next.2 and more Source cves: CVE-2026-27121 Source advisory: SNYK:JS-SVELTE-15322788...
CVE-2026-26047
A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...
CVE-2025-14270
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
CVE-2025-12027
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2025-14270
CVE-2025-14270 (OneClick Chat to Order, WordPress) The WordPress plugin is vulnerable to an authorization bypass in versions
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...
CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...