PT-2026-32596

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.133 Description An SQL identifier injection exists in SQLiteConversationStore where the table prefix configuration value is directly concatenated into SQL queries using f-strings without validation or...

WordPress SlimStat Analytics plugin <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.3.3...

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

CVE-2025-57883

CVE-2025-57883 is a reflected cross-site scripting vulnerability affecting Japan Total System GroupSession components: Free edition prior to ver5.3.0, byCloud prior to ver5.3.3, and ZION prior to ver5.3.2. The issue allows an arbitrary script to run in the user’s browser when a crafted page or UR...

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

Japan Total System多款产品 跨站请求伪造漏洞

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site request forgery vulnerability exists in various Japan Total System products, which stems from a cross-site request forgery issue that could lead to the...

PT-2024-28113 · Unknown · Team Members

Name of the Vulnerable Software and Affected Versions: Team Members versions through 5.3.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...

SUSE CVE-2010-3710

Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory consumption and application crash via a long e-mail address string...

CVE-2021-36872 WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability in WordPress Popular Posts plugin versions = 5.3.3. Vulnerable at &widget-wpp2posttype...

ElasticSearch X-Pack Security Information Disclosure Vulnerability

ElasticSearch X-Pack is an extension of the Elastic Stack log analysis system from the Dutch company Elasticsearch. security is one of the features used to control access rights. An information disclosure vulnerability exists in ElasticSearch X-Pack Security versions prior to 5.4.1 and versions...

php: stack-based buffer overflow in socket_connect()

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...