15 matches found
PT-2026-47122
Name of the Vulnerable Software and Affected Versions All-In-One Security AIOS – Security and Firewall plugin for WordPress versions prior to 5.4.8 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization in the get rest route function and missing output escaping in t...
WordPress Ultimate FAQ Accordion Plugin plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability
Authenticated Author+ Stored Cross-Site Scripting via FAQ Content vulnerability discovered by WordFence in WordPress Plugin Ultimate FAQ versions = 2.4.7...
CVE-2026-39974
n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...
GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode
Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...
CVE-2026-25030 WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in parkofideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through 3.47...
CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...
CVE-2026-25785
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
CVE-2025-53679
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...
CVE-2025-57763 Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting XSS vulnerability in the inseredespacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed...
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applications where untrusted data can end up in said function. Vapor does not currently...
CVE-2023-26343
Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt +1
Name of the Vulnerable Software and Affected Versions: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57 Description: The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to...
PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit
Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...
Multiple Intel Server System Product Buffer Error Vulnerabilities
Intel Server System is a server array card from Intel Corporation USA. A buffer error vulnerability exists in multiple Intel Server System products. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting...
IrfanView .fpx file buffer overflow vulnerability (CNVD-2017-14134)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in version 4.47...