6654 matches found
PT-2025-17720 · WordPress · Buddypress Force Password Change
Name of the Vulnerable Software and Affected Versions: Buddypress Force Password Change plugin for WordPress versions up to, and including, 0.1 Description: The issue allows for authenticated account takeover due to improper validation of a user's identity prior to updating their password through...
PT-2025-31931 · Tracker · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor version 10.5.2.395 Description: An out-of-bounds read vulnerability exists in the EMF functionality. Exploitation involves using a specially crafted EMF file, which could lead to the disclosure of sensitive information...
PT-2025-17580 · Codemers · Codemers Klims
Name of the Vulnerable Software and Affected Versions: Codemers KLIMS version 1.6.DEV Description: The issue allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier, such as for sorting, which will get executed on the server side. Recommendation...
CVE-2024-12543
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...
CVE-2024-12543 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...
CVE-2024-12543 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...
CVE-2024-12543
OpenText Content Management 24.3–25.1 on Windows and Linux is affected by CVE-2024-12543, a user-enumeration and data-integrity issue in the barcode functionality that could allow a malicious authenticated attacker to alter barcode attributes. Affected component is the barcode handling path; root...
CVE-2024-12863 Stored XSS in Discussions functionality
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system...
[SECURITY] Fedora 40 Update: rust-cookie_store-0.21.1-1.fc40
Implementation of Cookie storage and retrieval...
OpenText Content Management 安全漏洞
OpenText Content Management is an enterprise content management software from OpenText Canada. A security vulnerability exists in OpenText Content Management versions 24.3 through 25.1, which stems from a user enumeration and data integrity issue in the barcode functionality, which could lead to ...
PT-2025-17442 · Opentext · Opentext Content Management
Name of the Vulnerable Software and Affected Versions: OpenText Content Management versions 24.3 through 25.1 Description: The issue concerns User Enumeration and Data Integrity in the Barcode functionality, allowing a malicious authenticated attacker to potentially alter barcode attributes...
CVE-2025-3824 SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproductname leads to cross site scripting. T...
CVE-2025-32796
Dify (open‑source LLM app platform) prior to version 0.6.12 is affected by an access control flaw where normal users can enable/disable apps via the API despite UI restrictions. The root cause is an insufficiently enforced permissions model, allowing non‑admin changes that can disrupt app functio...
CVE-2025-3788 baseweb JSite save cross site scripting
A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has...
CVE-2025-29512
Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...
CVE-2025-3113
A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal...
CVE-2025-31338
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...
CVE-2025-31338
Wisdom Master Pro (versions 5.0–5.2) exposes a missing authorization vulnerability in the retrieve teacher Information API, allowing remote attackers to read partial user data. Affected component is the retrieve teacher Information function; root cause is lack of authorization checks, as describe...
CVE-2025-31338 Wisdom Master Pro - Missing Authorization
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three...