1841 matches found
CVE-2025-5595
The CVE-2025-5595 entry concerns FreeFloat FTP Server 1.0, with a vulnerability in the PROGRESS Command Handler that allows a remote buffer overflow. Multiple sources confirm remote exploitation and public disclosure of the exploit. Practical impact is high due to potential remote access and data...
CVE-2025-5595 FreeFloat FTP Server PROGRESS Command buffer overflow
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and...
FreeFloat FTP Server security vulnerability
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the failure of the component PROGRESS Command Handler to properly validate the length and size of input data. No details of the vulnerability are provided at thi...
PT-2025-23830 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0 Description: A critical issue affects the PROGRESS Command Handler component, leading to a buffer overflow. This can be exploited remotely. Recommendations: For FreeFloat FTP Server version 1.0, consider...
CVE-2025-23936
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harun R. Rayhanthecrazycoder CC Circle Progress Bar cc-circle-progress-bar allows Stored XSS. This issue affects CC Circle Progress Bar: from n/a through <= 1.0.0...
CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-7792
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2024-7793
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack can be...
CVE-2024-11385
The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circleprogress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-37422
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Progress Planner Progress Planner progress-planner. This issue affects Progress Planner: from n/a through <= 0.9.2...
CVE-2024-11627
Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...
CVE-2024-50548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abdullah Nahian Awesome Progress Bar awesome-progess-bar allows DOM-Based XSS. This issue affects Awesome Progress Bar: from n/a through <= 1.0.13...
CVE-2024-37411
Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner. This issue affects Progress Planner: from n/a through <= 0.9.1...
CVE-2023-4637
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...
CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...
CVE-2023-23699
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions...
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
CVE-2022-24977
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports...