27 matches found
CVE-2026-6798
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-37996
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-35174
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...
CVE-2026-5112
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
WordPress plugin Gravity Forms 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-2863
A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2026-2860
CVE-2026-2860 affects feng_ha_ha/megagao ssm-erp and production_ssm (up to commit 4288d53bd35757b27f2d070057aefb2c07bdd097). The vulnerability targets an unknown function in EmployeeController.java, causing improper authorization. It can be initiated remotely, and the exploit has been publicly di...
PT-2026-21360
A flaw has been found in feng ha ha/megagao ssm-erp and production ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has...
PT-2026-21367
A vulnerability has been found in feng ha ha/megagao ssm-erp and production ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The attack can be launched...
Malicious code in gita-rujak16-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004c034d74b9085d3ad772fd56edcca3fedfbdf9469f9bc0ccd4b82d21ec686c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2010-2762
Malware in sbrugna...
PT-2025-38529
Name of the Vulnerable Software and Affected Versions 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions up to 20250831 Description A cross-site scripting XSS flaw exists due to the manipulation of the Name argument in an unknown part of the /index.php file. This allows for remote execution of scripts. T...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from incorrect reporting of device product names in the HID:wacom module, resulting in null pointer dereferences...
CVE-2024-33605
Improper processing of some parameters of installedemanuallist.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...
CVE-2024-28038
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and...
CVE-2024-36251
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and...
CVE-2024-36249
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs multifunction printers. If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names,...
CVE-2024-28955
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...
CVE-2024-28955
CVE-2024-28955 affects Sharp/Toshiba TEC MFPs. The issue arises from incorrect permission assignment, causing crash coredump files to be world-readable; any local user can inspect memory contents. Public details cover affected models/versions through vendor notices and related advisories. Remedia...
CVE-2024-22475
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, mod...