CVE-2023-53868 Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...
Cross-site Scripting (XSS)
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the page editing. An attacker can execute arbitrary JavaScript in the context of other users by injecting malicio...
CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly, the attacker's scripts run with...
MAL-2025-192571 Malicious code in paypal-scripts-server-utils (npm)
The package paypal-scripts-server-utils was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-203341
Malicious code in paypal-scripts-server-utils npm...
Malicious Package
Overview: paypal-scripts-server-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Perch CMS security vulnerability
Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated administrators to upload arbitrary PHP files through the asset management interface, which could lead to remote code execution...
Blackcat CMS security vulnerability
Blackcat CMS is a content management system from the German company Blackcat. A security vulnerability exists in Blackcat CMS version 1.4 that stems from allowing authenticated administrators to upload malicious PHP files via the jquery plugin manager, which could lead to remote code execution...
Coppermine Photo Gallery security vulnerability
Coppermine Photo Gallery (CPG) is a web-based photo album management system written in PHP by the Coppermine team. The system provides user management, album password access restrictions, automatic generation of thumbnails and other features. A security vulnerability exists in Coppermine Photo Galle...
PT-2025-51287
Name of the Vulnerable Software and Affected Versions: WEBIGniter version 28.7.23. Description: The software contains a file upload issue that permits authenticated attackers to upload and execute malicious PHP files via the media function. An attacker with any valid account can upload PHP scripts,...
WEBIGniter code issue vulnerability
WEBIGniter is a content management system from WEBIGniter, Inc. A code issue vulnerability exists in WEBIGniter version 28.7.23, which stems from a file upload vulnerability in the media feature that could lead to the upload and execution of dangerous PHP files...
CVE-2025-8617
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yithquickview shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-203233
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access...
EUVD-2025-203247
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2025-203213
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yithquickview shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8199
The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Cross-site Scripting (XSS)
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...
Cross Site Scripting (XSS)
mediawiki/cargo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization during web page generation, which allows an attacker to inject and store malicious scripts that are executed in the context of other users when the affected content is viewed...
Cross Site Scripting (XSS)
code16/sharp is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim's browser...
Stored Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...