24 matches found

CNNVD
added 2026/04/26 12:0 a.m. · 5 views

Project64 Security Vulnerability

Project64 is a simulator software developed by Project64 Corporation, designed to run Nintendo 64 games on computers. Version 2.3.2 of Project64 contains a security vulnerability. This vulnerability stems from a buffer overflow in the plugin directory settings field, which could allow local...

CVSS 6.9 · AI score 6.1 · EPSS 0.00017
Exploits: 0 · References: 1

EUVD
added 2026/04/02 7:11 p.m. · 1 view

EUVD-2026-18531

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...

CVSS 8.7 · AI score 5.9 · EPSS 0.00129
Exploits: 0 · References: 2

OSV
added 2026/02/24 2:16 p.m. · 1 view

UBUNTU-CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 7.5 · AI score 5.8 · EPSS 0.0006
Exploits: 0 · References: 6

AlpineLinux
added 2026/02/24 1:33 p.m. · 3 views

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 7.5 · AI score 5.8 · EPSS 0.0006
Exploits: 0 · References: 3

CVE
added 2026/02/24 2:9 a.m. · 8 views

CVE-2025-11847

The CVE-2025-11847 entry describes a null pointer dereference in the IP settings CGI program of Zyxel VMG3625-T50B (firmware up to 5.50(ABPM.9.6)C0) and Zyxel WX3100-T0 (firmware up to 5.50(ABVL.4.8)C0). An authenticated administrator can trigger a denial-of-service by sending a crafted HTTP requ...

CVSS 4.9 · AI score 5.5 · EPSS 0.0004
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2026/02/24 12:0 a.m. · 3 views

PT-2026-21736

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Thunderbird versions prior to 148. Description: An information disclosure issue exists, along with a mitigation bypass, within the Settings UI component. Recommendations: Update Firefox to version 148 or later. Updat...

CVSS 7.5 · AI score 5.9 · EPSS 0.0006
Exploits: 0 · References: 7

CNNVD
added 2026/02/24 12:0 a.m. · 4 views

Mozilla Firefox and Mozilla Thunderbird Security Vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

CVSS 7.5 · AI score 7.1 · EPSS 0.0006
Exploits: 0 · References: 3

CNNVD
added 2026/01/07 12:0 a.m. · 2 views

HCL BigFix IVR Security Vulnerability

HCL BigFix IVR is a vulnerability fixing tool from HCL India. A security vulnerability exists in HCL BigFix IVR version 4.2, which stems from improper authentication and lack of CSRF protection for the Local Settings Interface component, which could lead to unauthorized configuration changes...

CVSS 3.3 · AI score 6.8 · EPSS 0.00002
Exploits: 0 · References: 1

Cvelist
added 2025/08/10 2:2 p.m. · 10 views

CVE-2025-8812 atjiu pybbs Admin Panel settings cross site scripting

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 4.8 · EPSS 0.00068
Exploits: 1 · References: 6

CNNVD
added 2025/04/15 12:0 a.m. · 1 view

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS site-building platform. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from stored cross-site scripting in the site name field of the background system settings interface...

CVSS 4.8 · AI score 6.3 · EPSS 0.00224
Exploits: 1 · References: 1

Cvelist
added 2025/04/08 1:0 a.m. · 15 views

CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting

A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. ...

CVSS 5.1 · EPSS 0.00444
Exploits: 0 · References: 3

CVE
added 2025/04/08 1:0 a.m. · 45 views

CVE-2025-3393

CVE-2025-3393 affects mrcen springboot-ucan-admin (up to commit 5f35162032cbe9288a04e429ef35301545143509) and targets the Personal Settings Interface index. The vulnerability enables cross-site scripting through manipulation of an unknown part of that interface, with remote initiation. The descri...

CVSS 5.1 · AI score 6.2 · EPSS 0.00444
Exploits: 0 · References: 3

Vulnrichment
added 2025/04/08 1:0 a.m. · 7 views

CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting

A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. ...

CVSS 5.1 · AI score 6.2 · EPSS 0.00444
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15313 · Unknown · Mrcen Springboot-Ucan-Admin

Name of the Vulnerable Software and Affected Versions: mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509 Description: A vulnerability was found in the Personal Settings Interface component of mrcen springboot-ucan-admin, affecting an unknown part of the file...

CVSS 5.1 · AI score 3.7 · EPSS 0.00444
Exploits: 0 · References: 8

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /settings/settingName interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, o...

CVSS 9.9 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 2

wpexploit
added 2024/01/23 12:0 a.m. · 146 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Visit the "Settings" interface...

AI score 5.7 · EPSS 0.00287
Exploits: 2

WPVulnDB
added 2024/01/23 12:0 a.m. · 20 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Visit the "Settings" interface...

AI score 4.8 · EPSS 0.00287
Exploits: 2

CNNVD
added 2023/06/07 12:0 a.m. · 2 views

WordPress Plugin GDPR Cookie Compliance Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 · AI score 5.2 · EPSS 0.00035
Exploits: 1 · References: 5

CNNVD
added 2021/12/29 12:0 a.m. · 1 view

Huawei WS318n Cross-Site Scripting Vulnerability

Huawei WS318n is a router from Huawei China. The Huawei WS318n product suffers from a cross-site scripting vulnerability in the network settings interface, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute...

CVSS 4.2 · AI score 5.6 · EPSS 0.00046
Exploits: 0 · References: 4

Positive Technologies
added 2020/09/08 12:0 a.m. · 3 views

PT-2021-9725 · Red Hat +3 · Red Hat Enterprise Linux 8 +4

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux 8 versions prior to 8.2 Description: A flaw was found in the GNOME Control Center where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface...

CVSS 9.8 · AI score 7.5 · EPSS 0.82826
Exploits: 9 · References: 317