106 matches found
phpPgAdmin contains a remote command execution vulnerability
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...
Progress Flowmon ADS SQL注入漏洞
Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...
CVE-2024-58321
CVE-2024-58321 is a stored XSS vulnerability in Kentico Xperience introduced via form validation rule configuration. Affected components are Kentico Xperience ASP.NET Core WebApp and ASP.NET MVC5 Libraries (as referenced in Snyk and CVE records). The underlying issue is insufficient encoding of v...
CVE-2025-14166
CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...
EUVD-2025-198510
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...
CVE-2025-64483
CVE-2025-64483 affects Wazuh (4.9.0–before 4.13.0) via the Wazuh API – Agent Configuration endpoint. In certain configurations, authenticated users with read-only API roles could retrieve agent enrollment credentials through the /utils/configuration endpoint, enabling registration of new agents w...
Wazuh 安全漏洞
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.13.0 that originates from an authenticated attacker w...
CVE-2025-41074 Multiple vulnerabilities in Limesurvey
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...
WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability
WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability discovered by shark3y in WordPress Plugin GiveWP versions = 4.13.0...
CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
PT-2025-46911
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...
Linux Distros Unpatched Vulnerability : CVE-2025-13013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and...
WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions = 3.13.0...
CVE-2025-60595
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...
SPH Engineering UgCS 安全漏洞
SPH Engineering UgCS is a UAV mission planning and flight control software from the Latvian company SPH. A security vulnerability exists in SPH Engineering UgCS version 5.13.0, which originates from a vulnerability that could lead to arbitrary code execution...
CVE-2025-60595
CVE-2025-60595 affects SPH Engineering UgCS 5.13.0 and enables arbitrary code execution. The included metrics indicate a network-exposed, low-Complexity attack with no privileges required and no user interaction, resulting in high integrity impact and low confidentiality impact. The sources confi...
CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...