28 matches found

CNNVD
added 2026/03/16 12:00 a.m. · 2 views

RealtyScript SQL injection vulnerability

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

CVSS 9.8 · AI score 5.8 · EPSS 0.00492
Exploits 1 · References 3

RedhatCVE
added 2026/01/23 9:16 p.m. · 1 views

CVE-2025-68894

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS. This issue affects ShoutOut: from n/a through <= 4.0.2...

CVSS 7.1 · AI score 5.4 · EPSS 0.00064
Exploits 0 · References 1

Cvelist
added 2025/10/27 8:37 p.m. · 3 views

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVSS 8.9 · EPSS 0.00044
Exploits 0 · References 2

Snyk
added 2025/10/20 3:42 p.m. · 1 views

Improper Isolation or Compartmentalization

Overview: Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...

CVSS 9.1 · AI score 7.6 · EPSS 0.00106
Exploits 0 · References 2

OSV
added 2025/10/02 7:36 p.m. · 1 views

CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

CVSS 8.8 · AI score 6.4 · EPSS 0.00071
Exploits 0 · References 4

Positive Technologies
added 2025/09/30 12:00 a.m. · 1 views

PT-2025-40050

Impact: send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches: It's patched in v4.0.2 and v5.0.0. Workarounds: Is there a way for users to fix or remediate the vulnerability without upgradin...

CVSS 8.8 · AI score 6.8 · EPSS 0.00071
Exploits 0 · References 6

Snyk
added 2025/05/21 6:22 p.m. · 1 views

Authorization Bypass Through User-Controlled Key

Overview: renolit/reint-downloadmanager is a simple download manager with different views of file collections as downloadable lists. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the downloaduid parameter in the downloadAction. An attacker...

CVSS 8.6 · AI score 7 · EPSS 0.00295
Exploits 0 · References 2

Patchstack
added 2025/01/24 11:47 a.m. · 1 views

WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Khang Duong in WordPress Plugin Bubble Menu – circle floating menu versions <= 4.0.2...

CVSS 5.4 · AI score 7 · EPSS 0.00145
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/01/24 12:00 a.m. · 2 views

PT-2025-5528 · Unknown · Bubble Menu

Name of the Vulnerable Software and Affected Versions: Bubble Menu – circle floating menu versions through 4.0.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.0.2, update to a version lat...

CVSS 5.4 · AI score 7.3 · EPSS 0.00145
Exploits 0 · References 3

Patchstack
added 2024/11/12 2:38 a.m. · 3 views

WordPress MPG plugin <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion vulnerability

Authenticated (Editor+) Directory Traversal to Limited File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin MPG versions <= 4.0.2...

CVSS 2.7 · AI score 7 · EPSS 0.00256
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/08/21 12:00 a.m. · 3 views

PT-2024-30257 · Unknown · Tosei Online Store Management System

Name of the Vulnerable Software and Affected Versions: TOSEI online store management system versions v4.02 through v4.04 Description: An issue in the downloader.php component allows attackers to execute a directory traversal. Recommendations: For versions v4.02 through v4.04, consider disabling t...

CVSS 7.5 · AI score 7.2 · EPSS 0.00458
Exploits 0 · References 6

Positive Technologies
added 2024/03/24 12:00 a.m. · 4 views

PT-2024-12658 · Inspirythemes · Realhome

Name of the Vulnerable Software and Affected Versions: Inspirythemes RealHomes versions through 4.0.2 Description: The issue is related to a Missing Authorization vulnerability in InspiryThemes RealHomes. Recommendations: For versions through 4.0.2, update to a version later than 4.0.2 to resolve...

CVSS 5.4 · AI score 8.6 · EPSS 0.00086
Exploits 0 · References 5

OSV
added 2024/02/26 4:27 p.m. · 1 views

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

CVSS 2.7 · AI score 7.3 · EPSS 0.00162
Exploits 0 · References 2

Positive Technologies
added 2023/11/22 12:00 a.m. · 1 views

PT-2023-8864 · Unknown +1 · Minizip-Ng +1

Name of the Vulnerable Software and Affected Versions: minizip-ng version 4.0.2 Description: The issue is related to a Buffer Overflow vulnerability in the mz_path_has_slash function, located in the mz_os.c file, which can be exploited by an attacker using a crafted file. This could allow a remot...

CVSS 10 · AI score 8.6 · EPSS 0.00157
Exploits 2 · References 12

OSV
added 2023/08/08 12:15 p.m. · 0 views

CVE-2023-25459

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions...

CVSS 4.8 · AI score 7.3
Exploits 0 · References 1

OSV
added 2023/03/23 2:15 p.m. · 0 views

CVE-2023-23650

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions...

CVSS 5.4 · AI score 6.1 · EPSS 0.00181
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:34 a.m. · 1 views

SUSE CVE-2013-6416

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...

CVSS 4.3 · AI score 5.9 · EPSS 0.00236
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:11 a.m. · 2 views

SUSE CVE-2019-12105

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The...

CVSS 8.2 · AI score 6.9 · EPSS 0.01534
Exploits 0 · References 3

Positive Technologies
added 2023/01/24 12:00 a.m. · 3 views

PT-2023-16249 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to excessive loops in multiple dissectors, which allows for denial of service via packet injection or crafted capture file...

CVSS 9.8 · AI score 7.3 · EPSS 0.02494
Exploits 35 · References 173

CNNVD
added 2022/11/13 12:00 a.m. · 1 views

Xiongmai Camera XM-JPR2-LX security vulnerability

Xiongmai Camera XM-JPR2-LX is a video surveillance device from China Xiongmai Technology Xiongmai Company. A security vulnerability exists in the Xiongmai Camera XM-JPR2-LX version V4.02.R12.A6420987.10002.147502.00000, which originates from the vulnerability of the device to account theft...

CVSS 7.5 · AI score 7.3 · EPSS 0.00103
Exploits 1 · References 3