1820 matches found
CVE-2026-13225
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...
EUVD-2026-39418
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...
CVE-2026-13225
The provided connected documents confirm CVE-2026-13225 as a Stored XSS in pretix. Malicious HTML content could be injected into the email address field of an order; pretix displays this on the confirmation page for individual tickets without sanitization. Affects pretix’s order confirmation page...
CVE-2020-9695
CVE-2020-9695 is an out-of-bounds write vulnerability in Adobe Acrobat/Reader. Affects multiple releases (e.g., Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier) and related Acrobat products. Root cause: out-of-bounds write in the affected code pa...
CVE-2020-9711
CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...
CVE-2020-9713
CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...
CVE-2024-35690
CVE-2024-35690 – WordPress Widget Options plugin up to version 4.0.1 is vulnerable to sensitive data exposure (Subscriber+). The Patchstack entries (and WPVulnDB reference) indicate vulnerable versions are
CVE-2024-35648
No technical details are provided in the connected documents for CVE-2024-35648 beyond the description of a CSRF vulnerability in the Emergency Password Reset plugin (WordPress)
CVE-2024-32729
CVE-2024-32729 concerns WordPress ChatBot Conversational Forms (QuantumCloud Conversational Forms for ChatBot)
CVE-2024-31435
CVE-2024-31435 affects the WordPress plugin Social Media & Share Icons (versions up to 2.8.6). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control levels, enabling access to protected functionality without proper permissions. The CVE entry lists a Pa...
CVE-2024-33685
Technical details for CVE-2024-33685 (WordPress Startupzy theme) are not publicly provided in the supplied documents. No confirmed affected versions, root cause, impact, or remediation are stated here; monitor official advisories for updates.
CVE-2022-44630
The CVE-2022-44630 entry pertains to the WordPress plugin YITH WooCommerce Product Slider Carousel (vulnerable:
CVE-2022-42479
CVE-2022-42479 concerns a Broken Access Control in WordPress Soledad premium theme versions
CVE-2023-33999
Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.
CVE-2022-26758
CVE-2022-26758: macOS Monterey before 12.4 is affected by a memory corruption issue that may allow a malicious application to cause unexpected changes in memory shared between processes. The vulnerability is addressed in macOS Monterey 12.4 with improved state management. The CVE entry notes a lo...
CVE-2026-39334
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...
CVE-2022-41656
CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...
CVE-2024-33288
The CVE-2024-33288 entry covers a SQL injection vulnerability in Prison Management System Using PHP v1.0, exposed on the Admin login page via the username parameter. Multiple connected sources document an authentication bypass PoC and public exploits targeting admin access (e.g., by injecting adm...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Affected software is SOPlanning; the vulnerability arises in the groupe_id handling, enabling injection that can affect authenticated users and potentially hijack sessions (per C...