7 matches found
CVE-2026-25305
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...
PT-2026-20679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...
WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...
CVE-2019-25296
The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll...
PT-2024-4767 · Atlassian · Bamboo
Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo Data Center and Server versions 9.0.0 through 9.6.0 Description: The issue is related to a File Inclusion vulnerability that allows an authenticated attacker to display the contents of a local file or execute different files...
PT-2024-5283 · Siemens · Siprotec 5
Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 versions prior to V9.64 SIPROTEC 5 6MD85 CP200 versions prior to V9.64 SIPROTEC 5 6MD85 CP300 versions prior to V9.64 SIPROTEC 5 6MD86 CP200 versions prior to V9.64 SIPROTEC 5 6MD86 CP300 versions prior to V9.64 SIPROTE...