3229 matches found
CVE-2025-66492
CVE-2025-66492 – Masa CMS : Multiple Masa CMS releases are vulnerable to XSS when an unsanitized value from the ajax URL query parameter is injected into the HTML head. Affected versions include 7.2.8 and earlier, 7.3.1–7.3.13, 7.4.0-alpha.1–7.4.8, and 7.5.0–7.5.1. The issue allows execution of a...
PT-2025-50881
Name of the Vulnerable Software and Affected Versions Masa CMS versions 7.2.8 and below Masa CMS versions 7.3.1 through 7.3.13 Masa CMS versions 7.4.0-alpha.1 through 7.4.8 Masa CMS versions 7.5.0 through 7.5.1 Description Masa CMS, an open source Enterprise Content Management platform, is...
CVE-2025-14537
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
EUVD-2025-202875
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
CVE-2025-14537 code-projects Class and Exam Timetable Management preview7.php sql injection
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
quic-go HTTP/3 QPACK Header Expansion DoS
Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header names and/or large values. The implementation builds an http.Header used on th...
Code-Projects Class and Exam Timetable Management SQL注入漏洞
Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter courseyearsection/semester in the file...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2025-2455)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file...
CVE-2025-63033
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
EUVD-2025-201989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2025-63033
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2025-63033
CVE-2025-63033 concerns the WordPress plugin Make Section & Column Clickable For Elementor (versions ≤ 2.3). It enables Stored XSS due to improper input neutralization during web page generation. Wordfence’s vulnerability summary indicates patching in the 2.4 release, mitigating the issue; Patchs...
CVE-2025-63033 WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2025-63033 WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2025-14214
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /sectionedit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and ma...
WordPress plugin Make Section Column Clickable For Elementor 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. A cross-site scripti...
PT-2025-50040
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...
CVE-2025-14214
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /sectionedit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and ma...
CVE-2025-14214
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /sectionedit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and ma...
CVE-2025-14214 itsourcecode Student Information System section_edit1.php sql injection
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /sectionedit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and ma...