10268 matches found
EUVD-2026-2767
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47764
AbsoluteTelnet 11.24 is affected by a denial-of-service vulnerability triggered by crafting a 1000-character payload and injecting it into the DialUp connection and license name fields. The vulnerability description across sources specifies that local attackers can crash the application, causing ...
CVE-2026-0813
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-14448
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14448
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-2829
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14448
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14448
Summary: CVE-2025-14448 affects the WordPress WP-Members Membership Plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the Multiple Checkbox and Multiple Select user profile fields. The issue arises from insufficient input sanitization and output escaping in all versions up ...
CVE-2025-71101
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...
PT-2026-2982
Name of the Vulnerable Software and Affected Versions WP-Members Membership Plugin versions up to and including 3.5.4.3 Description The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Multiple Checkbox and Multiple Select user profile fields...
Bdtask Isshue Shopping Cart security vulnerability
Bdtask Isshue Shopping Cart is an e-commerce shopping cart software system developed by the Bangladeshi company Bdtask. Version 3.5 of Bdtask Isshue Shopping Cart contains a security vulnerability. This vulnerability stems from persistent cross-site scripting in the title input fields of the...
Celestial AbsoluteTelnet Buffer Error Vulnerability
Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.24 of Celestial AbsoluteTelnet contains a buffer error vulnerability. This vulnerability stems from manipulating the DialUp connection and license name fields, which could all...
PT-2026-3046
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002018)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002018 advisory. The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an...
CVE-2022-50937
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...
SQL Injection
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection via the fields parameter in the admin search API endpoint. An attacker can access sensitive database information and potentially compromise th...
CVE-2026-23477
Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...
CVE-2025-71113 crypto: af_alg - zero initialize memory allocated via sock_kmalloc
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests allocated with sockkmalloc were left uninitialized, relying on callers to set fields explicitly. This resulted in the...