1983 matches found
CVE-2025-70046
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master...
Microsoft Azure Front Door Access Control Error Vulnerability
Microsoft Azure Front Door is a cloud-based content delivery network from Microsoft Corporation in the United States. An access control error vulnerability exists in Microsoft Azure Front Door, which can be exploited by an attacker to elevate privileges...
CVE-2026-27504
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...
CVE-2026-27504
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...
CVE-2026-27504 SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...
CVE-2026-27504
SVXportal
CVE-2026-27504 SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...
SVXportal 安全漏洞
SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unchecked stationid parameter in the radiomobilefront.php file, which could lead to reflection-type...
PT-2026-21273
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field,...
WordPress plugin Lizza LMS Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-2126
CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
python-eventlet: Eventlet HTTP request smuggling
A request smuggling flaw was found in the Eventlet PyPI library. The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability allows attackers to bypass front-end security controls, launch targeted attacks against active si...
[SECURITY] Fedora 42 Update: rust-redlib-0.35.1-10.fc42
Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...
dify 跨站脚本漏洞
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient validation of inputs when echarts was used in the web application chat front-end,...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...
CVE-2026-24321 Information Disclosure vulnerability in SAP Commerce Cloud
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does...
[SECURITY] Fedora 43 Update: rust-redlib-0.35.1-10.fc43
Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...
CVE-2026-24300
Azure Front Door Elevation of Privilege Vulnerability...
CVE-2026-25597
Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...