28 matches found

NVD
added 6 days ago · 5 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin-fetching mechanism. A malicious attacker can perform a Man-in-the-Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 2.3 · EPSS 0.00026
Exploits: 0 · References: 2
CVE
added 6 days ago · 6 views

CVE-2026-33386

CVE-2026-33386 affects QuickCMS. An attacker can exploit an insecure HTTP-based plugin-fetching mechanism to perform a Cross-Site Scripting (XSS) via a MITM that impersonates the opensolution.org server and serves arbitrary HTML/JavaScript at the plugin list endpoint. When a user visits the plugi...

CVSS 2.3 · AI score 5.9 · EPSS 0.00026
Exploits: 0 · References: 2
CNNVD
added 6 days ago · 4 views

QuickCMS cross-site scripting vulnerability

QuickCMS is an open-source content management system developed by QuickCMS. QuickCMS has a cross-site scripting vulnerability. This vulnerability stems from an insecure HTTP-based plugin acquisition mechanism that makes it vulnerable to cross-site scripting attacks. Malicious attackers can...

CVSS 4.8 · AI score 5.7 · EPSS 0.00026
Exploits: 0 · References: 2
CNNVD
added 2026/05/27 12:0 a.m. · 5 views

WordPress plugin jQuery googleslides cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 · AI score 5.8 · EPSS 0.00032
Exploits: 0 · References: 3
CVE
added 2026/05/08 9:50 p.m. · 8 views

CVE-2026-41517

CVE-2026-41517 affects Emlog, an open source website building system. The vulnerability arises from an insecure plugin upload function in versions before 2.6.11, allowing an attacker to upload and execute arbitrary PHP code on the server, yielding complete server compromise and enabling a persist...

AI score 6 · EPSS 0.00055
Exploits: 0 · References: 1
CNNVD
added 2026/05/08 12:0 a.m. · 4 views

emlog code issue vulnerability

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had code vulnerabilities, which stemmed from an insecure plugin upload feature. This vulnerability could allow attackers to upload and execute arbitrary PHP code...

AI score 6.1 · EPSS 0.00055
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/08 12:0 a.m. · 5 views

PT-2026-39198

Name of the Vulnerable Software and Affected Versions: Emlog versions prior to 2.6.11 Description: Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor...

AI score 6 · EPSS 0.00055
Exploits: 0 · References: 3
CNNVD
added 2026/02/20 12:0 a.m. · 4 views

TensorFlow code issue vulnerability

TensorFlow is an open-source end-to-end open platform for machine learning. There are code-related vulnerabilities in TensorFlow. These vulnerabilities stem from improper handling of plugins, where plugins are loaded from insecure locations by the application. This may allow local attackers to ga...

CVSS 7 · AI score 7.5 · EPSS 0.00012
Exploits: 0 · References: 2
Veracode
added 2026/01/28 8:31 a.m. · 6 views

Arbitrary File Write

Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...

AI score 6
Exploits: 0
RedhatCVE
added 2025/10/31 10:7 p.m. · 1 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.8 · AI score 7.3 · EPSS 0.01218
Exploits: 0 · References: 1
CNNVD
added 2025/10/30 12:0 a.m. · 2 views

Nagios Log Server security vulnerability

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from the embedded Logstash process running as root user, which could lead to an attacker...

CVSS 9.8 · AI score 6.7 · EPSS 0.01218
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2005-0458

Malware in sbrugna...

CVSS 7.2 · AI score 6.4 · EPSS 0.0004
Exploits: 0 · References: 3
Tenable Nessus
added 2024/10/24 12:0 a.m. · 16 views

JetBrains YouTrack < 2024.3.47197 Arbitrary Code Execution

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47197. It is, therefore, affected by a vulnerability as referenced in the 2024347197 advisory. - Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests (JT-85294) Note that Nessus...

CVSS 8.1 · AI score 5.9 · EPSS 0.00191
Exploits: 0 · References: 2
NVD
added 2024/10/17 1:15 p.m. · 11 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · EPSS 0.00191
Exploits: 0 · References: 1
CVE
added 2024/10/17 1:0 p.m. · 76 views

CVE-2024-49579

JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...

CVSS 8.1 · AI score 7.1 · EPSS 0.00191
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/10/17 1:0 p.m. · 14 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · EPSS 0.00191
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/17 1:0 p.m. · 20 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

CVSS 8.1 · AI score 7.1 · EPSS 0.00191
Exploits: 0 · References: 1
CNNVD
added 2022/07/18 12:0 a.m. · 1 views

Parallels Access code issue vulnerability

Parallels Access is a parallel access application from Parallels USA, enabling the fastest, easiest, and most reliable remote access to your computer from anywhere. A code issue vulnerability exists in Parallels Access Agent version 6.5.4 39316 that stems from This vulnerability allows a local...

CVSS 7.8 · AI score 8 · EPSS 0.00098
Exploits: 0 · References: 3
Positive Technologies
added 2022/04/19 12:0 a.m. · 1 views

PT-2022-13845 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue is related to insecure plugin handling in Mattermost, where the software fails to properly check the plugin version when a plugin is installed from the Marketplace. This allows an...

CVSS 8.8 · AI score 6.7 · EPSS 0.00326
Exploits: 0 · References: 10
Positive Technologies
added 2021/07/06 12:0 a.m. · 2 views

PT-2021-3849 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.1 Description: The issue is related to a lack of restrictions on file uploads in the phplist application, which can be exploited by uploading a malicious plugin containing PHP files with certain extensions, such as PHP,...

CVSS 9.8 · AI score 9.8 · EPSS 0.02647
Exploits: 1 · References: 9