Lucene search

805 matches found

Cvelist
added 2025/12/09 2:13 a.m., 26 views

CVE-2025-42872 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users' browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

6.1 CVSS, 0.00098 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/12/04 4:15 a.m., 4 views

CVE-2025-12585

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

5.3 CVSS, 6.1 AI score, 0.00068 EPSS
Exploits 0, References 1

Cvelist
added 2025/12/03 3:27 a.m., 9 views

CVE-2025-12585 MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access...

5.3 CVSS, 0.00068 EPSS
Exploits 0, References 5

CNNVD
added 2025/12/03 12:0 a.m., 3 views

WordPress plugin MxChat information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MxChat, which stems from...

5.3 CVSS, 5.6 AI score, 0.00068 EPSS
Exploits 0, References 4

SUSE CVE
added 2025/11/22 12:23 a.m., 2 views

SUSE CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

6.1 CVSS, 7.2 AI score, 0.00011 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/11/21 12:18 a.m., 6 views

CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

6.1 CVSS, 7.1 AI score, 0.00011 EPSS
Exploits 0, References 1

Cvelist
added 2025/11/20 12:0 a.m., 5 views

CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

0.00011 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-46825

Name of the Vulnerable Software and Affected Versions: xCally Omnichannel version 3.30.1. Description: A cross-site scripting (XSS) issue exists in xCally's Omnichannel version 3.30.1. The issue allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a maliciou...

5.1 CVSS, 6.1 AI score, 0.00059 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/11/13 12:0 a.m., 2 views

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2021-22897)

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single static variable in the library, which has the surprising...

5.3 CVSS, 6.8 AI score, 0.00791 EPSS
Exploits 1, References 6

RedhatCVE
added 2025/11/07 5:32 p.m., 3 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3 CVSS, 6.8 AI score, 0.00047 EPSS
Exploits 0, References 1

Cvelist
added 2025/11/06 5:10 p.m., 4 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3 CVSS, 0.00047 EPSS
Exploits 0, References 3

CVE
added 2025/11/06 5:10 p.m., 7 views

CVE-2025-12815

Summary of CVE-2025-12815 (AWS RES): An ownership verification issue exists in the Virtual Desktop preview page of the Research and Engineering Studio (RES) on AWS, affecting versions prior to 2025.09. A remote user with network access may be able to view metadata from another user’s active desk...

5.3 CVSS, 6.4 AI score, 0.00047 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/11/06 5:10 p.m., 2 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3 CVSS, 6.4 AI score, 0.00047 EPSS
Exploits 0, References 3

CNNVD
added 2025/10/31 12:0 a.m., 2 views

agno security vulnerability

agno is an Agno open source full-stack framework for building multi-intelligence systems with memory, knowledge and reasoning. A security vulnerability exists in agno version 2.0.0 through versions prior to 2.2.2, which stems from a contention condition in sessionstate passing in highly concurren...

7.1 CVSS, 6.3 AI score, 0.0003 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/10/28 7:53 p.m., 3 views

CVE-2025-62516

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to...

9.8 CVSS, 6.7 AI score
Exploits 0, References 1

CVE
added 2025/10/27 7:46 p.m., 17 views

CVE-2025-62516

CVE-2025-62516 entry rejected; not an active vulnerability.

6.3 AI score
Exploits 0

OSV
added 2025/10/27 7:46 p.m., 3 views

CVE-2025-62516 Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant Stripe Integration

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to...

9.8 CVSS, 6.7 AI score
Exploits 0, References 1

Positive Technologies
added 2025/10/27 12:0 a.m., 5 views

PT-2025-44030

Name of the Vulnerable Software and Affected Versions: TurboTenant versions prior to 2.0.0. Description: A security issue exists in the TurboTenant landlord onboarding and rental signup system, specifically within the property listing activation workflow. This issue could allow unauthorized access t...

9.8 CVSS, 6.2 AI score
Exploits 0, References 5

Vulnrichment
added 2025/10/07 11:13 p.m., 2 views

CVE-2025-61997 OPEXUS FOIAXpress stored XSS via banner image

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...

4.8 CVSS, 6.5 AI score, 0.0003 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-19405

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00547 EPSS
Exploits 0, References 6