111 matches found
WordPress Optimole plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, written in PHP. Optimole is an open source WordPress plugin. Optimole version 3.3.2 has a cross-site scripting vulnerability that stems from the failure of image optimization and...
CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 did not escape the primary group name for display. Because of that, a logged-in user could modify the primary group name with element...
WordPress Database Backup Plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, written in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. Database Backup is an open source WordPress plugin. The WordPress Database Backup plugin has a SQL injecti...
WordPress plugin cross-site scripting vulnerability
A WordPress plugin (an open source application plugin for WordPress) suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the loadertext parameter in the file /includes/templates/landing-page.php, which allows an attacker with administrative...
WordPress WooCommerce myghpay Payment Gateway plugin cross-site scripting vulnerability
The WooCommerce myghpay Payment Gateway plugin is an open source WordPress plugin. A cross-site scripting vulnerability exists in the plugin because the clientref parameter of /processresponse.php lacks a data validation filter for...
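The Optimole, Time Tracker, loadertext and clientref entries above share one root cause: a value that was stored by a user or taken from a request parameter is written into HTML without escaping for the HTML context. The following PHP is an added illustration of that pattern and its fix; it is not code from any of the listed projects, and the group name, loader text and render functions are constructed for the example.

```php
<?php
// Added illustration, not code from Time Tracker, Optimole or any WordPress plugin above.
// A stored value (a group name a logged-in user may set) and a request parameter are
// rendered into HTML. The first renderer interpolates raw; the second escapes at output.

declare(strict_types=1);

// Constructed sample inputs: what a malicious user could supply.
$storedGroupName = 'Sales <img src=x onerror="alert(document.cookie)">';
$loaderText      = '"><script>alert(1)</script>';

// Vulnerable: untrusted text goes straight into element content and into an attribute.
function renderVulnerable(string $groupName, string $loaderText): string
{
    return "<h2>Group: $groupName</h2>\n"
         . "<div class=\"loader\" data-text=\"$loaderText\"></div>\n";
}

// Hardened: escape for the HTML context at the point of output. ENT_QUOTES covers both
// quote styles, so the same helper is safe in double- and single-quoted attributes;
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $groupName, string $loaderText): string
{
    return '<h2>Group: ' . h($groupName) . "</h2>\n"
         . '<div class="loader" data-text="' . h($loaderText) . "\"></div>\n";
}

// Check: does the attacker-controlled string survive verbatim in the rendered page?
function payloadSurvives(string $html, string $input): bool
{
    return str_contains($html, $input);
}

$vuln = renderVulnerable($storedGroupName, $loaderText);
$safe = renderHardened($storedGroupName, $loaderText);

echo "vulnerable renderer keeps payload: ", var_export(payloadSurvives($vuln, $storedGroupName), true), "\n";
echo "hardened renderer keeps payload:   ", var_export(payloadSurvives($safe, $storedGroupName), true), "\n";
echo "\n--- hardened output ---\n", $safe;
```

Run it with `php example.php` (PHP 8 or later, for `str_contains`). In WordPress plugins the same idea is provided by `esc_html()` for element content and `esc_attr()` for attribute values; the point the entries make is that the escaping has to happen where the value is output, not only where it is stored.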
DynPG cross-site scripting vulnerability
DynPG is an open source application from the DynPG organization, used to create web sites. A security vulnerability exists in DynPG that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute client-si...
Laurent Rineau CGAL Code Execution Vulnerability (CNVD-2022-32788)
CGAL is an open source project maintained by Laurent Rineau; it provides geometric algorithms in the form of C++ libraries. CGAL suffers from a security vulnerability that an attacker can exploit to cause out-of-bounds reads and type confusion via a...
Unspecified vulnerability in Nextcloud (CNVD-2021-51815)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). A security vulnerability exists in Nextcloud Server that stems from a lack of privilege checking, whereby tokens are able to change their ow...
ECTouch SQL Injection Vulnerability
ECTouch is an open source mobile mall system for creating an enterprise's own mobile storefront. ECTouch v2 suffers from a SQL injection vulnerability in the integralmin parameter of index.php. An attacker...
Jenkins CAS Plugin Input Validation Error Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. An input validation error vulnerability exists in Jenkins CAS Plugin 1.6.0 and earlier, which stems from Jenki...
Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability (CNVD-2021-95931)
Sourcecodester Online Shopping Alphaware is an open source online shopping system application from Sourcecodester. Version 1.0 has a SQL injection vulnerability that an attacker can exploit to inject an executable SQL statement to...
Github authelia authorization issue vulnerability
Authelia is an open source authentication and authorization server hosted on GitHub; it provides two-factor authentication and single sign-on (SSO) to applications through a web portal. Authelia versions prior to 4.29.3 have an authorization vulnerability that allows a...
Mohamed Dief Discord-Recon Code Injection Vulnerability (CNVD-2021-37748)
Mohamed Dief Discord-Recon is an open source application by Mohamed Dief, used to perform reconnaissance from Discord. A code injection vulnerability exists in Discord-Recon version 0.0.3 and earlier, which a remote attacker can exploit to overwrite any...
Zulip server access control error vulnerability (CNVD-2021-39935)
Zulip server is an open source team chat application from the American company Zulip. An access control error vulnerability exists in versions of Zulip Server prior to 3.4, which results in a user with this privilege being able to send messages. No details of the vulnerability are provided at thi...
Unspecified vulnerability in Zulip server (CNVD-2021-39547)
Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in Zulip Server versions prior to 3.4 that stems from a public API that allows guest users to receive message traffic from a public stream that should only be accessibl...
Lex Li vscode-restructuredtext access control error vulnerability
Lex Li vscode-restructuredtext is an open source extension by Lex Li that provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions of vscode-restructuredtext prior to 146.0.0, which stems from the inclusion of an...
SOURCEFORGE LATRIX SQL Injection Vulnerability
SOURCEFORGE LATRIX is an open source application hosted on SourceForge. It provides presence and attendance records, attendance tracking, paperless leave requests with freely definable leave types, downtime, fire registration and extensive reporting options. LATRIX version 0.6.0 suffe...
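The Database Backup, ECTouch, Alphaware and LATRIX entries are all SQL injection through a request parameter spliced into a query. The following PHP is an added illustration of the vulnerable pattern beside the fix (type validation plus a bound parameter); it is not code from any of those projects. The table, rows and the parameter name, borrowed from the ECTouch entry's integralmin, are constructed for the example, and an in-memory SQLite database is used so it runs offline.

```php
<?php
// Added illustration, not code from ECTouch, Alphaware, LATRIX or the WordPress backup plugin.
// Requires the pdo_sqlite extension. Everything below is constructed sample data.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE goods (id INTEGER PRIMARY KEY, name TEXT, integral INTEGER)');
$pdo->exec("INSERT INTO goods (name, integral) VALUES ('tea', 50), ('mug', 200), ('bike', 5000)");

// Hypothetical request parameter (in a real app: $_GET['integralmin']). The value rewrites
// the WHERE clause and appends a UNION row carrying the database version.
$integralMin = "0 OR 1=1 UNION SELECT 1, sqlite_version(), 1 --";

// Vulnerable: the untrusted value becomes part of the statement text.
function listGoodsVulnerable(PDO $pdo, string $integralMin): array
{
    $sql = "SELECT id, name, integral FROM goods WHERE integral >= $integralMin";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject anything that is not an integer, then bind the value as a typed
// parameter so it can only ever be data, never statement structure.
function listGoodsHardened(PDO $pdo, string $integralMin): array
{
    if (filter_var($integralMin, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('integralmin must be an integer');
    }
    $stmt = $pdo->prepare('SELECT id, name, integral FROM goods WHERE integral >= :min');
    $stmt->bindValue(':min', (int) $integralMin, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo "--- vulnerable query with injected parameter ---\n";
print_r(listGoodsVulnerable($pdo, $integralMin));

echo "--- hardened query with the same parameter ---\n";
try {
    print_r(listGoodsHardened($pdo, $integralMin));
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

echo "--- hardened query with a legitimate parameter ---\n";
print_r(listGoodsHardened($pdo, '100'));
```

Run with `php example.php`. The validation step is what makes the hardened version robust even where a value cannot be bound (for example a column name or an ORDER BY direction): whitelisting the shape of the input, then binding whatever can be bound, removes the attacker's ability to change the statement's meaning.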
Łukasz Magiera lotus data forgery vulnerability
Łukasz Magiera lotus is an open source Filecoin distributed storage network implementation by Łukasz Magiera. Lotus has a security vulnerability: the Lotus block validation function performs a uniqueness check on the supplied block...
pczupil X2CRM Cross-Site Scripting Vulnerability
pczupil X2CRM is an open source application by pczupil, a next-generation social selling application for small and medium-sized businesses. A cross-site scripting vulnerability exists in pczupil X2CRM version 7.1, which can be exploited to inject arbitrary web script or HTML via the...
Jason Summers deark null pointer dereference vulnerability
Jason Summers deark is an open source command line utility by Jason Summers that can decode certain types of files. A null pointer dereference vulnerability exists in the dbufwrite function in src/deark-dbuf.c in versions of deark prior to 1.5.8, which can be exploited by...