WordPress SureForms plugin cross-site scripting vulnerability

WordPress SureForms plugin is designed for WordPress visual form builder plugin , support drag and drop operation , no programming foundation can quickly build responsive form . WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...

WordPress Customer Reviews for WooCommerce plugin cross-site scripting vulnerability

WordPress Customer Reviews for WooCommerce plugin is mainly used to enhance the customer reviews feature of the WooCommerce platform to boost store conversions and user trust through automated alerts, multi-language support and social proof. A cross-site scripting vulnerability exists in the...

WordPress All in One Time Clock Lite plugin cross-site scripting vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

CVE-2025-55006

CVE-2025-55006 affects Frappe LMS 2.34.x/2.35.0. The issue stems from an incomplete fix for CVE-2025-55006, enabling cross-site scripting via manipulated input. Remote exploitation is described as possible; an exploit has been made public per connected sources. A remediation is to upgrade to a ve...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

Frappe Learning 输入验证错误漏洞

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An input validation error vulnerability exists in Frappe Learning version 2.33.0 and earlier, which stems from insufficient cleanup of uploaded SVG files and could lead to the execution of arbitrary...

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

Important: git

Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...

CVE-2025-51629

A cross-site scripting XSS vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter...

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

CVE-2025-22470

CVE-2025-22470 affects SATO CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with firmware versions prior to 1.15.5-r1. The vulnerability arises from the ability to upload crafted dangerous files, enabling an arbitrary Lua script to execute on the target system with root privileges. Public reference...

Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series

Overview Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-22469 Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-22470 MASAHIRO IIDA of LAC Co., Ltd...

Linux Distros Unpatched Vulnerability : CVE-2022-29911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user- activation could lead to script execution without allow-scripts being...

CLSA-2025-1754413251 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

CLSA-2025-1754413156 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

Exploit for Improper Neutralization in Alinto Sogo

CVE-2022-4556 - Stored XSS in SOGo Webmail v5.7.1 🧠 Summ...

WordPress plugin WP Easy Contact 跨站脚本漏洞

WordPress WP Easy Contact plugin is mainly used for website message function management, support users to submit messages and send them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...