6722 matches found

CNNVD
added 2024/09/18 12:00 a.m. | 4 views

WordPress plugin Welcart e-Commerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 6.1 | AI score 8.4 | EPSS 0.00235
Exploits: 0 | References: 3
OSV
added 2024/09/14 9:15 a.m. | 2 views

CVE-2023-3410

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

CVSS 5.4 | AI score 5.9 | EPSS 0.00299
Exploits: 0 | References: 3
CNNVD
added 2024/09/14 12:00 a.m. | 4 views

Red Hat Ansible log information disclosure vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat USA. The product can be used to distribute, manage, and orchestrate computer systems. Red Hat Ansible suffers from a log information disclosure vulnerability that originates when sensitive information stored in an Ansible Vau...

CVSS 5.5 | AI score 6.3 | EPSS 0.00269
Exploits: 0 | References: 4
Tenable Nessus
added 2024/09/12 12:00 a.m. | 45 views

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-2417)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

CVSS 9.8 | AI score 8.2 | EPSS 0.99957
Exploits: 2 | References: 8
OpenVAS
added 2024/09/12 12:00 a.m. | 31 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2368)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 8.4 | EPSS 0.99957
Exploits: 2 | References: 4
RedHat Linux
added 2024/09/11 11:26 a.m. | 6 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.41611
Exploits: 0 | References: 5
RedHat Linux
added 2024/09/11 11:18 a.m. | 2 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.41611
Exploits: 0 | References: 5
CNNVD
added 2024/09/11 12:00 a.m. | 3 views

Perfex CRM security vulnerability

Perfex CRM is open source customer relationship management software from Perfex CRM, used to manage customers and projects and to create invoices in the cloud. A security vulnerability exists in Perfex CRM v1.1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by...

CVSS 5.4 | AI score 6.7 | EPSS 0.00375
Exploits: 1 | References: 3
Veracode
added 2024/09/10 4:48 a.m. | 6 views

Cross Site Scripting (XSS)

craftcms/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the breadcrumb list and title fields, allowing user-provided input to be stored without proper validation or encoding, which then executes malicious scripts when displayed...

CVSS 5.5 | AI score 6.3 | EPSS 0.00334
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/09/09 4:44 a.m. | 18 views

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

AI score 6.7 | EPSS 0.0041
Exploits: 0 | References: 4
RedHat Linux
added 2024/09/09 1:48 a.m. | 5 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.41611
Exploits: 0 | References: 5
RedHat Linux
added 2024/09/09 1:33 a.m. | 3 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.41611
Exploits: 0 | References: 5
OSV
added 2024/09/07 9:45 p.m. | 4 views

MAL-2024-12238 Malicious code in cobo-custdy (PyPI)

Source: kam193 (cd0d754c7d09b395a490411bfdba9006309e5227c634e9946f4612de907de0d0). It appears to be a forgotten pentest checking typosquatting against the cobo-custody package, but may also have malicious purposes. During installation, if a machi...

AI score 7.5
Exploits: 0 | References: 1
CNNVD
added 2024/09/04 12:00 a.m. | 4 views

Indico security vulnerability

Indico is a feature-rich event management system from Indico Open Source. A security vulnerability exists in Indico versions prior to 3.3.4 that stems from insufficient validation of input when redirecting to nextURL during account creation, which could lead to the execution of malicious scripts...

CVSS 6.1 | AI score 6.4 | EPSS 0.00361
Exploits: 0 | References: 6
RedHat Linux
added 2024/09/03 1:55 a.m. | 5 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.41611
Exploits: 0 | References: 5
NVD
added 2024/09/02 12:15 p.m. | 20 views

CVE-2024-8004

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.00289
Exploits: 0 | References: 1
CNNVD
added 2024/09/02 12:00 a.m. | 2 views

Dassault Systèmes 3DEXPERIENCE security vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2023x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

CVSS 8.7 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 2
CNNVD
added 2024/09/02 12:00 a.m. | 3 views

Halo security vulnerability

Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo versions prior to 2.17.0. An attacker can exploit the vulnerability to execute malicious scripts in a user's browser via specific HTML and JavaScript code...

CVSS 6.3 | AI score 6.7 | EPSS 0.00331
Exploits: 1 | References: 2
CNNVD
added 2024/09/02 12:00 a.m. | 2 views

Dassault Systèmes 3DEXPERIENCE security vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2022x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

CVSS 8.7 | AI score 6.5 | EPSS 0.00289
Exploits: 0 | References: 2
CNNVD
added 2024/09/02 12:00 a.m. | 3 views

Dassault Systèmes 3DEXPERIENCE cross-site scripting vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes 3DEXPERIENCE version R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

CVSS 8.7 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 2