217 matches found
CVE-2022-34885
An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code...
CVE-2019-13343
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...
Cross-site Scripting (XSS)
store2 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the store.deep.js component, allowing a remote attacker to execute arbitrary code...
WordPress plugin Wishlist for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
OS Command Injection
Ray is vulnerable to Os command Injection. The vulnerability is due to improper input sanitization in the cpuprofile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication...
OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows
OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-795)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-795 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the...
WordPress plugin Custom Field For WP Job Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toHTMLEx method due to improper input sanitization. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input data processed by this method. Details Cross-site...
WordPress plugin Hive Support SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization when adding notes to a device, allowing JavaScript code in the notes to be triggered when the ExamplePlugin is enabled...
PT-2024-9473 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "scan ap" API of Advantech's...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
Siemens SCALANCE M-800 Family Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-50572)
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Cross-Site Request Forgery (CSRF)
Mattermost is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper sanitization of user inputs in the frontend used for redirection, allowing a one-click client-side path traversal that results in a cross-site request forgery CSRF in Playbooks...
CVE-2024-51597
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeShark ThemeShark Templates & Widgets for Elementor allows Stored XSS.This issue affects ThemeShark Templates & Widgets for Elementor: from n/a through 1.1.7...
GHSA-3XGQ-45JJ-V275 Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2024-21538
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2024-21538
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...