1340 matches found
PT-2025-43711
Name of the Vulnerable Software and Affected Versions Tutor LMS Pro versions prior to 3.8.4 Description The Tutor LMS Pro plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of proper validation on a user-controlled key when handling assignment...
CVE-2025-40643
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40643
Energy CRM v2025 by Status Tracker Ltd contains a Stored XSS in the /crm/create_job_submit.php endpoint via the JobCreatedBy input. The lack of proper validation allows an attacker to craft a request that could be stored and later executed in an authenticated user’s browser, potentially exposing ...
EUVD-2025-35664
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
Energy CRM 跨站脚本漏洞
Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient validation of user input for the parameter JobCreatedBy in the file /crm/createjobsubmit.php, which could lead to a stored...
CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker
Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...
PT-2025-41534
Name of the Vulnerable Software and Affected Versions Energy CRM version 2025 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...
Energy CRM 跨站脚本漏洞
Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient input validation of the parameter customerName0 in the file /crm/createinvoicesubmit.php, which could lead to a stored...
CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
CVE-2025-61601
BigBlueButton has a DoS vulnerability (CVE-2025-61601) in versions prior to 3.0.13. The issue stems from mishandling the polling feature’s Choices response: sending a malicious payload with a massive answerIds array can freeze or crash the current meeting and potentially affect the server. A patc...
CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
CVE-2025-54401
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54402
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
UBUNTU-CVE-2022-50542
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported use-after-free in si470xintincallback 1. This indicates that urb-context, which contains struct si470xdevice object, is freed when si470xintincallback is...
EUVD-2025-32808
In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported use-after-free in si470xintincallback 1. This indicates that urb-context, which contains struct si470xdevice object, is freed when si470xintincallback is...
CVE-2025-54401
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54401
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2025-54402
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...