369 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header being logged and later rendered in the admin event log interface without proper output encoding. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...
CVE-2026-3358
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing poststatus validation in the enrollnow and courseenrollment functions. Both enrollment endpoints...
Directory Traversal
Overview @hono/node-server is a Node.js Adapter for Hono Affected versions of this package are vulnerable to Directory Traversal due to inconsistent handling of repeated slashes in the serveStatic process. An attacker can access sensitive static files that are intended to be protected by bypassin...
Arbitrary Code Injection
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request...
CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-23765
This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
WordPress I Order Terms plugin cross-site request forgery vulnerability
WordPress I Order Terms plugin is a plugin that adds sorting or ordering functionality to WordPress taxonomies such as taxonomies, tags, and custom taxonomies. The WordPress I Order Terms plugin suffers from a cross-site request forgery vulnerability that stems from a web application that does no...
Dee Store 安全漏洞
Dee Store is an online shopping web application by the individual developer Dinuka Navaratna. A security vulnerability exists in Dee Store version 1.0, which stems from a lack of authorization validation and could allow a remote attacker to bypass privilege control by constructing a malicious...
WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...
CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...
EUVD-2002-1018
Malware in sbrugna...
EUVD-2020-29806
Malware in sbrugna...
EUVD-2019-16161
Malware in sbrugna...
EUVD-2021-1389
Malware in sbrugna...
EUVD-2021-23313
Malware in sbrugna...
EUVD-2019-16210
Malware in sbrugna...