
2966 matches found

Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58861 WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS. This issue affects Quick Event Calendar: from n/a through <= 1.4.9...

CVSS 7.1, EPSS 0.00025
Exploits: 0, References: 1
Patchstack
added 2025/09/05 1:40 p.m., 4 views

WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Event Calendar versions <= 1.4.9...

CVSS 7.1, AI score 6.6, EPSS 0.00025
Exploits: 0, Affected Software: 1
CNNVD
added 2025/09/05 12:0 a.m., 1 views

WordPress plugin Quick Event Calendar cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 7.1, AI score 6, EPSS 0.00025
Exploits: 0, References: 1
CNNVD
added 2025/09/05 12:0 a.m., 1 views

WordPress plugin Quick Paypal Payments cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3, AI score 6.5, EPSS 0.00026
Exploits: 0, References: 2
Positive Technologies
added 2025/09/05 12:0 a.m., 4 views

PT-2025-36252

Name of the Vulnerable Software and Affected Versions: fullworks Quick Paypal Payments versions through 5.7.46 Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users. Recommendations: fullworks Qui...

CVSS 4.3, AI score 6.2, EPSS 0.00026
Exploits: 0, References: 3
Positive Technologies
added 2025/09/05 12:0 a.m., 2 views

PT-2025-36200

Name of the Vulnerable Software and Affected Versions: Quick Event Calendar versions n/a through 1.4.9 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in WP Corner Quick Event Calendar, which also allows Stored Cross-Site Scripting (XSS). Recommendations: Update Quick Event...

CVSS 7.1, AI score 5.4, EPSS 0.00025
Exploits: 0, References: 4
Patchstack
added 2025/09/04 2:37 p.m., 5 views

WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions <= 5.7.46...

CVSS 4.3, AI score 6.8, EPSS 0.00026
Exploits: 0, Affected Software: 1
NVD
added 2025/08/28 11:15 a.m., 2 views

CVE-2025-54540

QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn...

CVSS 6.1, EPSS 0.00076
Exploits: 0, References: 2
Vulnrichment
added 2025/08/28 10:12 a.m., 1 views

CVE-2025-54543 Stored XSS in QuickCMS

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

CVSS 5.3, AI score 5.2, EPSS 0.00045
Exploits: 0, References: 2
OSV
added 2025/08/28 7:37 a.m., 2 views

MAL-2025-41597 Malicious code in quick-start_onnxruntime-web-bundler (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
Positive Technologies
added 2025/08/28 12:0 a.m., 4 views

PT-2025-34984

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS transmits passwords and login credentials via GET requests, potentially allowing a local attacker with access to a victim’s browser history to obtain credentials and log in as the user...

CVSS 6.9, AI score 6.2, EPSS 0.00076
Exploits: 0, References: 5
RedhatCVE
added 2025/08/24 5:25 p.m., 5 views

CVE-2025-55745

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 8.8, AI score 8.1, EPSS 0.0051
Exploits: 1, References: 1
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2008-7320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if th...

CVSS 6.8, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 2
RedhatCVE
added 2025/08/23 1:35 p.m., 5 views

CVE-2025-9298

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 9.8, AI score 8.8, EPSS 0.00609
Exploits: 1, References: 1
NVD
added 2025/08/22 5:15 p.m., 3 views

CVE-2025-55745

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 8.8, EPSS 0.0051
Exploits: 1, References: 2
Github Security Blog
added 2025/08/22 4:50 p.m., 10 views

UnoPim has CSV Injection on Quick Export feature

Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...

CVSS 8.8, AI score 7.4, EPSS 0.0051
Exploits: 1, References: 6, Affected Software: 1
Snyk
added 2025/08/22 4:50 p.m., 2 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the Quick Export process. An attacker can execute arbitrary commands on the victim's machine by injecting malicious formulas into fields that are later exported to CSV and opened in spreadsheet applications. This is on...

CVSS 8.8, AI score 7.8, EPSS 0.0051
Exploits: 1, References: 2
OSV
added 2025/08/22 4:50 p.m., 4 views

GHSA-74RG-6F92-G6WX UnoPim has CSV Injection on Quick Export feature

Summary Description: CSV Injection or Formula Injection is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software...

CVSS 5.5, AI score 8, EPSS 0.0051
Exploits: 1, References: 6
Vulnrichment
added 2025/08/22 4:14 p.m., 2 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 5.5, AI score 7.3, EPSS 0.0051
Exploits: 1, References: 2
CVE
added 2025/08/22 4:14 p.m., 22 views

CVE-2025-55745

CVE-2025-55745 affects UnoPim (Laravel-based PIM). Versions 0.3.0 and earlier are vulnerable to CSV/Formula Injection in Quick Export, allowing malicious content in exported CSVs to be interpreted as formulas, potentially enabling remote code execution (including reverse shells). Remediation: upg...

CVSS 8.8, AI score 7.3, EPSS 0.0051
Exploits: 1, References: 2, Affected Software: 1