10 matches found
CVE-2026-34077
React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...
CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-67705
creationtimestamp| type| source ---|---|--- 2026-01-01 00:36:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbd56v7z2r2c 2026-01-02 18:51:10+00:00| seen| Telegram/jewkuyTggD2PWaKrabPFdcCxroyUzLRM-AR1O-LdmNxSvc...
Logpoint SIEM 跨站脚本漏洞
Logpoint SIEM is a Security Information and Event Management SIEM solution from Logpoint, Inc. A cross-site scripting vulnerability exists in Logpoint SIEM versions prior to 7.7.0 that stems from insufficient input validation and output escaping, which could lead to cross-site scripting attacks...
Fortra GoAnywhere MFT 安全漏洞
Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.7.0 that stems from an information disclosure vulnerability that allows external access to resources in certain administrative root folders...
CVE-2024-6448
The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full...
CVE-2023-6314
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...
CVE-2022-0025
A local privilege escalation PE vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory such as C:\ to execute a program with elevated privileges. This issue impacts: All...
Elasticsearch Information Disclosure Vulnerability (CNVD-2021-03548)
Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...
Enterprise Search 7.7.0 security update
Elastic App Search Cross Site Scripting flaw ESA-2020-04 Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacke...