6654 matches found
CVE-2025-3175
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /saveusereditprofile.php. The manipulation of the argument firstName leads to sql injection. The attack may be launched...
CVE-2025-31768
CVE-2025-31768 concerns the WordPress plugin Widget Manager Light (OTWthemes). The vulnerability is described as a Missing Authorization issue that allows accessing functionality not properly constrained by ACLs. Affected versions are Widget Manager Light up to and including 1.18 (n/a through
CVE-2025-2292
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting XSS vulnerability exists in...
CVE-2025-26056
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands ...
CVE-2025-2292
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
CVE-2025-3004 Sayski ForestBlog search cross site scripting
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The explo...
CVE-2025-3004 Sayski ForestBlog search cross site scripting
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The explo...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
Remote Utilities Installed (Linux)
Binary data remoteutilitiesnixinstalled.nbin...
PT-2025-13859 · Drupal · Drupal Profile Private
Name of the Vulnerable Software and Affected Versions: Drupal Profile Private version . Description: The issue affects the private profile functionality. Recommendations: For version ., consider updating to a newer version that addresses this issue, if available. At the moment, there is no...
GHSA-8FM5-GG2F-F66Q Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Summary A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. Details A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. T...
CVE-2024-39311
Publify CVE-2024-39311 is a publicly documented XSS vulnerability in older Publify Rails apps. Before Publify 10.0.1 (and before publify_core 10.0.2), a publisher could trigger an administrator XSS via the redirect feature, requiring the admin to click a malicious link. Impact described includes ...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publifycore rubygem, publisher on a publify application is able to perform a cross-site scripting XSS attack on an administrator using the redirect...
CVE-2022-49744 mm/uffd: fix pte marker when fork() without fork event
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
CVE-2023-52941
CVE-2023-52941 affects the Linux kernel can:isotp subsystem. The bug arose from the tx timer handling for isotp PDUs, where the timer served two roles: sending two consecutive frames with a gap and monitoring timeouts for flow control and echo frames. This caused more complex txstate checks and e...
CVE-2025-30362 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...
CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through = 0.4.14...
CVE-2025-2562
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...