CVE-2025-57947
CVE-2025-57947 is a DOM-based XSS in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin. The initial description notes improper input neutralization during web page generation. Connected docs corroborate target: Photo Gallery by Ays; affected versions listed as
CVE-2023-25802
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
CVE-2023-23784
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to cause information disclosure via specially crafted web requests...
SUSE CVE-2020-12801
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
PT-2023-14121 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.6 through 6.3.20; FortiWeb versions 6.4.0 through 6.4.2; FortiWeb versions 7.0.0 through 7.0.2. Description: The issue is related to an improper neutralization of CRLF sequences in HTTP headers, also known as 'HTTP Response...
PT-2020-13124 · Grafana +4 · Grafana +4
Name of the Vulnerable Software and Affected Versions: Grafana versions 6.0.0 through 6.3.6; Grafana versions prior to 7.2.1. Description: The configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml are world readable, containing a secret key and a bind password. Recommendations: Fo...
PT-2016-7899 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.56 and earlier; MySQL Server versions 5.6.36 and earlier; MySQL Server versions 5.7.18 and earlier. Description: The issue allows a low privileged attacker with network access via multiple protocols to compromise MySQL...
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5006364)