CVE-2025-61550
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34, fixed in 19.69. User-supplied input is stored and later rendered in HTML pages without prope...
CVE-2025-61550
CVE-2025-61550 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The stored XSS occurs in ctl00_Content01_fieldValue parameters via /psp/appNet/TemplateOrder/TemplatePreview.aspx, where user input is stored and later rendered in HTML without proper output encoding or sanitization. This...
CVE-2025-11980
The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'deleteorphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Wimi Teamwork Security Vulnerability
Wimi Teamwork is a team collaboration cloud platform from Wimi USA. A security vulnerability exists in Wimi Teamwork versions prior to 7.38.17 that stems from the API not validating the csrftoken field value, which could lead to a cross-site request forgery attack...
EUVD-2025-25649
Malicious code in bioql PyPI...
CVE-2025-9391
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...
PT-2025-16116 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The vulnerability allows unauthenticated attackers to inject a PHP Object via deserialization of...
GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...
WordPress AutomatorWP plugin <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value vulnerability
Reflected Cross-Site Scripting via a-0-o-search_field_value vulnerability discovered by Vincent Fourcade (vinceMatsui) in WordPress Plugin AutomatorWP versions <= 5.0.9...
PT-2024-40214 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue arises from the order in which permissions are processed, leading to potential leaks of field values or record contents to users without the required permissions. This can occur in...
Foxit PDF Editor < 11.2.8 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.8. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D...
Type confusion
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
PT-2023-7346 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.2.15356 Description: The issue is related to a type confusion vulnerability in the way Foxit Reader handles field value properties. This can be triggered by a specially crafted Javascript code inside a malicious...
Foxit PDF Editor < 2023.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2023.3. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D...
WordPress Plugin 'Advanced Custom Fields' < 5.12.4, 6.x < 6.0.3 Custom Field Value Exposure
The WordPress application running on the remote host has a version of the 'Advanced Custom Fields' plugin that is prior to 5.12.4 or 6.x prior to 6.0.3. It is, therefore, affected by a custom field value exposure through parsed shortcode from user input vulnerability. Note that Nessus has not...
WordPress Advanced Custom Fields plugin 3.1.1 - 6.0.2 - Custom Field Value Exposure vulnerability
Custom Field Value Exposure Through Parsed Shortcode from User Input vulnerability discovered by Juan Hoffmann in WordPress Advanced Custom Fields plugin versions 3.1.1 - 6.0.2. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version, at least 6.0.3...
Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058
This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions. The module doesn't sufficiently apply access restrictions when using the filters field_label, field_value,...
PYSEC-2022-233
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...