3230 matches found
CVE-2020-0644
An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635...
CVE-2020-21827
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379...
CVE-2020-23689
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page...
CVE-2020-21831
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637...
CVE-2020-21842
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051...
CVE-2020-26733
Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section...
CVE-2020-25444
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy" field under the "Hotel Details" page, (3) "Pricing code" and "name" fields under the "Manage Tour" page, and (4) all t...
CVE-2020-21838
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_appinfo ../../src/decode.c:2842...
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update...
CVE-2019-14328
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section...
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Account" section...
CVE-2017-11181
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable...
CVE-2018-10137
iScripts UberforX 2.2 has CSRF in the "managesettings" section of the Admin Panel via the /cms?section=managesettings=edit URI...
CVE-2009-3240
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-5137
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the playlist section in a .pls file, a different vector than CVE-2009-1667...
CVE-2025-46441
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1...
CVE-2025-37975 riscv: module: Fix out-of-bounds relocation access
In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access. The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression...
CVE-2025-46441 WordPress Section Widget plugin <= 3.3.1 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1...
CVE-2025-46441
CVE-2025-46441 concerns the WordPress Section Widget plugin (versions up to 3.3.1) with a Path Traversal vulnerability in the ctltwp Section Widget. The initial CVE description and multiple connected sources confirm a path traversal issue (".../...//") that could affect Section Widget up through ...