
15108 matches found

RedhatCVE
added 2025/03/22 1:16 p.m., 7 views

CVE-2024-12374

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...

CVSS 6.1, AI score 5.7, EPSS 0.00314
Exploits: 1, References: 1
RedhatCVE
added 2025/03/22 12:31 p.m., 3 views

CVE-2024-7764

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...

CVSS 8.1, AI score 8.4, EPSS 0.00211
Exploits: 0, References: 1
OSV
added 2025/03/22 12:15 p.m., 3 views

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...

CVSS 7.2, AI score 6, EPSS 0.00324
Exploits: 0, References: 5
RedhatCVE
added 2025/03/22 12:15 a.m., 10 views

CVE-2024-48591

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing...

CVSS 6.1, AI score 6.6, EPSS 0.0057
Exploits: 0, References: 1
Snyk
added 2025/03/21 9:30 a.m., 1 views

Incorrect Authorization

Overview: github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Incorrect Authorization in command.go that allows a user to execute commands on archived...

CVSS 8.8, AI score 7.3, EPSS 0.00462
Exploits: 0, References: 2
CNNVD
added 2025/03/21 12:0 a.m., 2 views

Microsoft Edge Security Vulnerability

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from allowing unauthorized attackers to execute code over the network...

CVSS 6.5, AI score 6.7, EPSS 0.02054
Exploits: 0, References: 2
Packet Storm News
added 2025/03/21 12:0 a.m., 2 views

msm_npu Race Condition / Memory Corruption

msm_npu has a race condition between npuhostunloadnetwork and npuhostexecnetworkv2 that leads to memory corruption...

CVSS 7.8, AI score 6.9, EPSS 0.00208
Exploits: 1
RedhatCVE
added 2025/03/20 9:13 p.m., 10 views

CVE-2024-12563

The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the...

CVSS 8.8, AI score 7.8, EPSS 0.00071
Exploits: 0, References: 1
OSV
added 2025/03/20 12:32 p.m., 3 views

GHSA-QVG9-VP87-H3HR composio Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

CVSS 6.8, AI score 6.7, EPSS 0.00151
Exploits: 1, References: 3
CVE
added 2025/03/20 12:0 a.m., 60 views

CVE-2024-48591

CVE-2024-48591 affects Inflectra SpiraTeam 7.2.00. The vulnerability is a Cross Site Scripting (XSS) flaw where uploading a specially crafted SVG file can be viewed to render and execute JavaScript in the user’s browser. The CVSS 3.1 base score is 6.1 (MEDIUM): Network attack vector, low attack c...

CVSS 6.1, AI score 6.6, EPSS 0.0057
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/03/20 12:0 a.m., 10 views

CVE-2025-29411

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

EPSS 0.00226
Exploits: 1, References: 2
Vulnrichment
added 2025/03/20 12:0 a.m., 6 views

CVE-2025-29411

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 8.1, EPSS 0.00226
Exploits: 1, References: 2
CVE
added 2025/03/19 6:57 a.m., 51 views

CVE-2024-13410

CVE-2024-13410 affects CozyStay <= 1.7.0 and TinySalt

CVSS 9.8, AI score 9.7, EPSS 0.00541
Exploits: 0, References: 3
RedhatCVE
added 2025/03/19 12:25 a.m., 8 views

CVE-2025-26127

A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 1
Cvelist
added 2025/03/19 12:0 a.m., 9 views

CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

EPSS 0.00206
Exploits: 1, References: 2
OSV
added 2025/03/18 7:15 p.m., 0 views

UBUNTU-CVE-2025-24801

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...

CVSS 8.8, AI score 6, EPSS 0.02983
Exploits: 2, References: 2
OSV
added 2025/03/18 2:15 p.m., 2 views

CVE-2024-21760

An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...

CVSS 8.4, AI score 6.1, EPSS 0.00282
Exploits: 0, References: 1
BDU FSTEC
added 2025/03/18 12:0 a.m., 1 views

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client involves a buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to overflowing buffers in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.5, AI score 7.9, EPSS 0.00363
Exploits: 0, References: 17, Affected Software: 5
CVE
added 2025/03/17 12:0 a.m., 57 views

CVE-2025-26127

FileCloud v23.241.2 contains a stored XSS in the Send for Approval feature. The vulnerability allows an attacker to execute arbitrary web scripts or HTML in the victim’s browser via a crafted payload. CVSSv3.1 base score 5.0 (medium); vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. No explicit explo...

CVSS 5, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 2
Cvelist
added 2025/03/17 12:0 a.m., 13 views

CVE-2025-26127

A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

EPSS 0.00132
Exploits: 0, References: 2