10271 matches found
Zlib compressed protocol header length confusion may allow memory read
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-49379
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...
Konica Bizhub Multifunction Printers Cross-site Scripting (CVE-2025-5884)
Cross-site scripting vulnerability CWE94, CWE-79 was found in the specific input fields of the Web Connection. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504858; scriptversion"1.2"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/02/20";...
CVE-2022-50681
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
CVE-2022-50684
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50684
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50684
Summary of CVE-2022-50684 (Kentico Xperience HTML injection) An HTML injection vulnerability affects Kentico Xperience through unencoded form fields used in form submission emails. The underlying issue is lack of proper filtering/escaping of user-supplied data, allowing injected HTML content to b...
CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
EUVD-2025-204231
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...
CVE-2025-49379
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...
CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...
CVE-2025-49379
CVE-2025-49379 affects the WordPress plugin Custom Fields Account Registration For Woocommerce (plugin slug: custom-fields-account-registration-for-woocommerce) with versions n/a through 1.2. The issue is described as Incorrect Privilege Assignment, enabling Privilege Escalation. Connected docume...
CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...
PT-2025-52303
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...
WordPress plugin Custom Fields Account Registration For Woocommerce 安全漏洞
...
PT-2025-52015
Name of the Vulnerable Software and Affected Versions Custom Fields Account Registration For Woocommerce versions n/a through 1.2 Description A flaw exists in Custom Fields Account Registration For Woocommerce that allows for privilege escalation due to incorrect privilege assignment. This issue...
PT-2025-52306
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A flaw exists in Kentico Xperience that permits the injection of malicious HTML into form submission emails. This occurs because form fields are not properly encoded, allowing...
Zenphoto 跨站脚本漏洞
Zenphoto is a content management system from Zenphoto open source. A cross-site scripting vulnerability exists in Zenphoto version 1.6, which stems from improperly cleared user zip code fields and could lead to a stored cross-site scripting attack...