CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting

A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...

PT-2025-22828 · Unknown · Process Lock

Name of the Vulnerable Software and Affected Versions: process lock crate version 0.1.0 Description: The issue allows data races in unlock, which can lead to unpredictable behavior. Recommendations: For process lock crate version 0.1.0, consider avoiding the use of the unlock functionality until ...

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

CVE-2025-0700

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be...

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

CVE-2024-25906

Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2...

CVE-2024-43253

Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through = 1.5.6...

CVE-2024-7824

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-7825

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVE-2024-47001

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

CVE-2024-34336

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...

CVE-2024-30567

An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality...

CVE-2024-23734

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...

CVE-2024-37430

Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through = 1.9.0...

CVE-2024-52529

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range...

CVE-2024-1288

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

CVE-2024-27626

A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

CVE-2024-2076

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. Th...

CVE-2024-5710

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

CVE-2024-5933

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...