64 matches found
"FOD" App uses hard-coded cryptographic keys
Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...
CVE-2025-11446
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...
CVE-2025-11446
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12...
CVE-2025-12953
Summary (CVE-2025-12953): The WordPress plugin “Classified Listing – AI-Powered Classified ads & Business Directory Plugin” has a data-modification vulnerability due to a missing capability check in rtcl_ajax_add_listing_type, rtcl_ajax_update_listing_type, and rtcl_ajax_delete_listing_type. Affe...
WordPress Classified Listing plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering vulnerability
Missing Authorization to Authenticated Subscriber+ Listing Types Tampering vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Classified Listing versions = 5.2.0...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an open redirect attack due to the Eclipse Jetty package (CVE-2024-6763)
Summary Eclipse Jetty is used by DataStage on Cloud Pak for Data as part of the server processing functionality. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI,...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1461 more potentially affected by CVE-2025-57833 via django (>=5.2.0 <=5.2.5)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-57833 Source advisory: SNYK:PYTHON-DJANGO-12485156...
Honeywell Experion PKS 安全漏洞
Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...
CVE-2025-6007
A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-6005
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument...
like-girl 安全漏洞
like-girl is a couple logging tool by the individual developer of kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from the parameter...
CVE-2025-40635 SQL injection at Comerzzia
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
Drupal Enterprise MFA - TFA for Drupal 安全漏洞
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...
Drupal Enterprise MFA - TFA for Drupal 安全漏洞
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...
cg-django-uaa (=2.1.9), django-admin-flexlist (>=0.1.0 <=1.0.3) +11 more potentially affected by CVE-2025-32873 via django (>=5.2.0 <=5.2.0rc1)
django PYPI version =5.2.0, =0.1.0, =1.92.0.5, =4.2.0, =3.0.0, =0.1.0, =5.2.0, =1.0.0, =0.103.0, =1.2.4, =1.2.7 Source cves: CVE-2025-32873 Source advisory: OSV:GHSA-8J24-CJRQ-GR2M...
MangoOS 安全漏洞
MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from authenticated Remote Code Execution RCE via the Active Process Command feature...
faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)
flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:PYSEC-2023-248...
openCRX Security Vulnerabilities
openCRX is an open source Crm software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Product Name field...
PT-2023-27651 · Opencrx · Opencrx
Name of the Vulnerable Software and Affected Versions: OpenCRX version 5.2.0 Description: The issue allows for HTML injection via the Accounts Name Field. Recommendations: For OpenCRX version 5.2.0, update to a version that fixes this issue. At the moment, there is no information about a newer...
cloud.piranha.extension:piranha-extension-hazelcast (>=22.12.0 <=23.4.0), cloud.piranha:debug (>=22.12.0 <=23.1.0) +201 more potentially affected by CVE-2023-33265 via com.hazelcast:hazelcast (>=5.2.0 <=5.2.3)
com.hazelcast:hazelcast MAVEN version =5.2.0, =22.12.0, =22.12.0, =23.1.0 - cn.vertxup:aeon-ambient =0.9.0 - cn.vertxup:aeon-aurora =0.9.0 - cn.vertxup:aeon-code =0.9.0 - cn.vertxup:aeon-cosmos =0.9.0 - cn.vertxup:aeon-ecology =0.9.0 - cn.vertxup:aeon-edge =0.9.0 - cn.vertxup:aeon-eternal =0.9.0 ...