800 matches found
CVE-2026-5109
The Gravity Forms WordPress plugin (versions up to and including 2.10.0) is vulnerable to Stored Cross-Site Scripting via the Product Option field. The root cause is insufficient validation and output escaping: the state validation accepts wp_kses()-sanitized values that match legitimate options ...
EUVD-2026-26741
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...
PT-2026-36573
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...
CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...
Merative Merge PACS 跨站请求伪造漏洞
Merative Merge PACS is a medical imaging archiving and communication system developed by the American company Merative. Version 7.0 of Merative Merge PACS contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to execute...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013561 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010955)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010955 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla:...
cve-deep-dives
CVE Deep-Dives In-depth technical analyses of significant v...
CVE-2026-2389
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing " HTML entities with literal double-quote characters " in post content without...
Git MCP Server 操作系统命令注入漏洞
Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...
CVE-2026-3022
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2026-3022
The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...
GHSA-2XC6-348P-C2X6 Sylius affected by IDOR in Cart and Checkout LiveComponents
Impact An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...
Missing Authorization
github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...
CVE-2025-57681
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38194)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38194 advisory. - In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were...
CVE-2025-57681
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...
CVE-2025-57681
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...
CVE-2025-57681
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...
CVE-2025-57681
The CVE-2025-57681 entry covers a Cross-Site Scripting (XSS) vulnerability in the WorklogPRO - Timesheets for Jira plugin for Jira Data Center. Concrete details from connected sources show: affected software and versions (WorklogPRO - Timesheets for Jira ≤ before 4.23.6-jira10 and ≤ before 4.23.5...