10 matches found
Astra Linux – Vulnerability in python-pymysql
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...
CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path
Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...
CVE-2024-9421
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-47819
Cross-Site Request Forgery CSRF vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin = 1.1.0 versions...
CVE-2022-46180
Discourse Mermaid discourse-mermaid-theme-component allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been...
CVE-2025-25133 WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: from n/a through = 1.1.0...
CVE-2025-23495
CVE-2025-23495 is a reflected Cross-Site Scripting vulnerability in the NotFound WooCommerce Order Search plugin for WordPress. The description indicates Improper Neutralization of Input During Web Page Generation, enabling reflected XSS. Affected range: WooCommerce Order Search plugins from n/a ...
Smarts Smart Agent 安全漏洞
Smarts Smart Agent is a powerful, flexible and extensible tool from Smarts for monitoring wireless network performance and services from the end user's perspective. A security vulnerability exists in Smarts Smart Agent version v1.1.0, which originates from the /youtubeInfo.php page containing a...
PT-2024-31280 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: Perfex CRM version 1.1.0 Description: A stored cross-site scripting XSS issue in the Discussion section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. This enables attacker...
Malicious code in testforconfusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0463d945d1cd3398ce2594034fd52775ac94fe411f1cc645f88f757522abfc1b The OpenSSF Package Analysis project identified 'testforconfusion' @ 1.1.0 npm as malicious. It is considered malicious because: - The package...