5359 matches found
WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting
The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...
EUVD-2025-210451
An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...
CVE-2011-10043 Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...
EUVD-2011-5272
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...
CVE-2026-57720
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...
UBUNTU-CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...
CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
CVE-2026-54819
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...
CVE-2026-39007
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...
PT-2026-49301
Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...
PT-2026-49235
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...
EUVD-2024-55618
Cross-Site request forgery CSRF vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2...
WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin All In One WP Security & Firewall versions = 5.4.7...
Dolibarr ERP CRM 安全漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...
CVE-2026-41229
Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...
CVE-2018-25402
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...
CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...
CVE-2018-25402
CVE-2018-25402 affects Open ISES Project 3.30A. A SQL injection flaw in inc_types_graph.php via the p1 parameter allows unauthenticated remote attackers to execute arbitrary SQL and extract sensitive DB information (schema names, data). The CVE is associated with high-severity metrics (CVSS 3.1/4...
EUVD-2018-21924
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...