CVE-2019-25240

Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...

CVE-2022-50683

CVE-2022-50683 concerns a stored cross-site scripting vulnerability in Kentico Xperience, arising from unvalidated form redirect URL configuration. The issue allows injection of malicious scripts that execute in users’ browsers in the context of the affected platform. Connected sources (CNVD, EUV...

CVE-2025-68275

ChurchCRM prior to version 6.5.3 contains a stored cross-site scripting vulnerability on the View Active People, View Inactive People, and View All People pages. The root cause is lack of effective filtering and escaping of user-supplied data on these listings, allowing an attacker to inject scri...

WordPress plugin Stockholm Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-53872

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

CVE-2025-14643

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVE-2025-64613

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64861

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2025-202505

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64555

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64547

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2021-47728

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

PT-2025-50080

Name of the Vulnerable Software and Affected Versions SNMP Web Pro version 1.1 Description An unauthenticated directory traversal issue exists in the cgi-bin/upload.cgi component. The component concatenates user-supplied parameters directly onto a base path /var/www/files/userScript/ using memcpy...

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

CVE-2025-13796

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

WordPress StaffList plugin <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin StaffList versions = 3.2.6...

PT-2025-48189

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-657BRM version 1.00.1 Description The TRENDnet TEW-657BRM device version 1.00.1 contains an authenticated remote OS command injection issue in the setup.cgi binary. An attacker can exploit this by manipulating the HTTP parameters...