198 matches found
WordPress plugin Contact Form 7 reCAPTCHA 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Contact...
PT-2025-37295
Name of the Vulnerable Software and Affected Versions: Contact Form 7 reCAPTCHA WordPress plugin versions through 1.2.0 Description: The plugin does not escape the $ SERVER'REQUEST URI' parameter before outputting it, potentially leading to Reflected Cross-Site Scripting in older web browsers...
Linux Distros Unpatched Vulnerability : CVE-2023-28097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Lengt...
CVE-2025-58362
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
SUSE CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
CVE-2025-8113
The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-8113 Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI']
The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-8113
CVE-2025-8113 affects the Ebook Store WordPress plugin (versions before 5.8015). The issue is a Reflected Cross-Site Scripting vulnerability where the plugin does not escape the $_SERVER['REQUEST_URI'] when outputting it into an HTML attribute, enabling a crafted URL to inject scripts in vulnerab...
CVE-2025-8113 Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI']
The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
PT-2025-33537
Name of the Vulnerable Software and Affected Versions: The Ebook Store WordPress plugin versions prior to 5.8015 Description: The Ebook Store WordPress plugin does not escape the $ SERVER'REQUEST URI' parameter before outputting it, potentially leading to Reflected Cross-Site Scripting in older w...
WordPress plugin Ebook Store 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']
The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
PT-2025-33128 · WordPress · Injection Guard
Name of the Vulnerable Software and Affected Versions: Injection Guard WordPress plugin versions prior to 1.2.8 Description: The Injection Guard WordPress plugin does not properly escape the $ SERVER'REQUEST URI' parameter before displaying it within an attribute. This could lead to Reflected...
CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
CVE-2024-8056
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2023-28097
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
CVE-2023-22972
A Reflected Cross-site scripting XSS vulnerability in interface/forms/eyemag/php/eyemagfunctions.php in OpenEMR 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUESTURI...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
CVE-2021-43557
The uri-block plugin in Apache APISIX before 2.10.2 uses $requesturi without verification. The $requesturi is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...