36 matches found
EUVD-2026-35713
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
SocuSoft Flash Slideshow Maker Professional Security Vulnerability
SocuSoft Flash Slideshow Maker Professional is a slideshow maker software from SocuSoft. A security vulnerability exists in SocuSoft Flash Slideshow Maker Professional version 5.20, which originates from a buffer overflow in the registration dialog box that could allow a local attacker to execute...
PT-2026-24528
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64826
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64792
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64861
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64804
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64808 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64799
Adobe Experience Manager (AEM) 6.5.23 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privileged attacker can inject JavaScript, which may execute in a victim’s browser when visiting the page containing the vulnerable field. Remediatio...
GHSA-XJ9J-GJXG-7JVQ REDAXO CMS is vulnerable to RCE attack through its template management component
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
CVE-2025-64049
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...
EUVD-2025-34775
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration...
Origin Validation Error
Overview: @strapi/core is a Core of Strapi. Affected versions of this package are vulnerable to Origin Validation Error due to the improper validation of the Origin header in the CORS configuration. An attacker can access sensitive information by hosting a malicious site on a different origin and...
CVE-2025-53092 Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-44964
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-middle attack and obtain sensitive information...
CVE-2025-6756
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2023-2614
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21...
MegaBIP Security Vulnerability
MegaBIP is a software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP versions prior to 5.20, which stems from a password reset token being generated from too small a space of possible values, which could lead to a brute force attack...
MegaBIP SQL Injection Vulnerability
MegaBIP is a software for creating BIP websites from MegaBIP Inc. A SQL injection vulnerability exists in versions prior to MegaBIP 5.20 that stems from unsanitized user input and could lead to a SQL injection attack...
PT-2025-5485 · Enituretechnology · Enituretechnology Ltl Freight Quotes – Worldwide Express Edition
Name of the Vulnerable Software and Affected Versions: Eniture Technology LTL Freight Quotes – Worldwide Express Edition versions 5.0.20 and earlier. Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This means an...