86 matches found
CVE-2026-6399
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
CVE-2026-6399 General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
EUVD-2026-31040
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitizetextfield for output escaping in the Contact Number adcontactnumber field — a function that strips HTML tags but does not encode...
PT-2026-30476
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration...
CVE-2018-25251 Snes9K 0.0.9z Buffer Overflow SEH via Netplay Socket
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu t...
CVE-2024-51223
A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...
CVE-2019-25469
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
Exploit for Cross-site Scripting in Invoiceplane
CVE-2026-25595 — Stored XSS via Invoice Number in InvoicePlane...
EUVD-2019-19742
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
CVE-2019-25469
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
CVE-2019-25469 Folder Lock 7.7.9 Denial of Service via Serial Number Field
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
CVE-2019-25469
Technical details about CVE-2019-25469 are not provided in the connected documents. The Initial Description contains details, but no related technical specifics are available here. Monitor for updates.
CVE-2019-25469 Folder Lock 7.7.9 Denial of Service via Serial Number Field
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
PT-2026-24767
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
NewSoftwares Folder Lock 缓冲区错误漏洞
NewSoftwares Folder Lock is a comprehensive data security application developed by NewSoftwares in the United States. It allows you to protect your personal files, photos, videos, documents, contacts, wallet cards, notes, and recordings in iPhones with passwords. The version 7.7.9 of NewSoftwares...
CVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
CVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
CVE-2026-25595
InvoicePlane 1.7.0 has a stored XSS vulnerability in the Invoice Number field. An authenticated administrator can inject JavaScript that executes when an admin views the affected invoice or visits the dashboard. The issue is fixed in version 1.7.1. CVSS v3.1 base score is 4.8 (Medium); attack vec...
CVE-2026-25595 InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...