33 matches found
ELECOM WAB Code Issue Vulnerability
ELECOM WAB is a series of wireless access points produced by the ELECOM company in Japan. ELECOM WAB has a code vulnerability that stems from the lack of checking whether the language parameter has an appropriate value. This vulnerability may cause administrator pages to be displayed incorrectly ...
CVE-2026-3862
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...
Yokogawa FAST/TOOLS Security Vulnerability
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 version up to R10.04. These vulnerabilities stem from the incorrect display of detailed information on...
CVE-2025-65349
A Stored Cross-Site Scripting (XSS) vulnerability in the web management interface of Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload, due to the unsanitized repeater AP SSID value when it is displayed in any page at...
CVE-2025-64781
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
PT-2025-50878
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...
EUVD-2024-23422
Malicious code in bioql PyPI...
WordPress Advanced Custom Fields Plugin HTML Injection Vulnerability
WordPress Advanced Custom Fields Plugin is a powerful custom fields plugin for WordPress that allows you to add many types of custom fields such as images, checkboxes, files, text, etc. to posts, pages, categories, users, and other objects, and supports exporting to XML or PHP code, and can be...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin...
PT-2023-6491 · Apple +9 · Macos Sonoma +16
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.1; iPadOS versions prior to 17.1; watchOS versions prior to 10.1; iOS versions prior to 16.7.2; iPadOS versions prior to 16.7.2; macOS Sonoma versions prior to 14.1; Safari versions prior to 17.1; tvOS versions prior to 17.1...
PT-2023-6493 · Apple · Macos Sonoma +7
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17.1; iOS versions prior to 17.1; iOS versions prior to 16.7.2; iPadOS versions prior to 17.1; iPadOS versions prior to 16.7.2; watchOS versions prior to 10.1; tvOS versions prior to 17.1; macOS Sonoma versions prior to 14.1...
CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin...
PT-2023-25896 · Mediawiki +1 · Mediawiki Proofreadpage Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki ProofreadPage extension versions through 1.39.3. Description: An issue in the ProofreadPage extension for MediaWiki allows hidden users to be exposed via public interfaces, specifically in the includes/Page/PageContentHandler.php and...