648 matches found
OpenSSL security vulnerabilities
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
CVE-2026-24600
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through = 3.5...
CVE-2025-27005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...
CVE-2025-32123
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through =...
CVE-2025-27005
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...
WordPress plugin lbg-vp2-html5-rightside has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-23847
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the S...
MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 Tenable has extracted the preceding...
TeamSpeak 安全漏洞
TeamSpeak is a voice software from the American company TeamSpeak. A security vulnerability exists in TeamSpeak version 3.5.6, which stems from insecure file permissions and could lead to a local attacker replacing executable files...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin HTML5 Video Player with Playlist & Multiple Skins versions = 5.3.5...
CVE-2025-62743
CVE-2025-62743 affects MyBookTable Bookstore (Stormhill) up to version 3.5.6. It is an authenticated Stored Cross-Site Scripting vulnerability (Contributor+ level). Patch status: Unpatched in the connected Wordfence entry; no remediation details provided. Exploitation details are not described in...
libcoap 安全漏洞
libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5 and earlier, which stems from a stack buffer overflow during address parsing and could lead to a crash or remote code execution...
SiYuan 安全漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan 3.5.1 and prior versions that stems from the use of hard-coded encryption keys for session storage, which could lead to session hijacking...
EUVD-2025-203523
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the runcallback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
jshERP 安全漏洞
jshERP Huaxia ERP is a homegrown ERP system by the individual developer of China's Ji Sheng Hua. A security vulnerability exists in jshERP v3.5 and earlier versions, which stems from a stored cross-site scripting vulnerability in the /msg/add endpoint...
CVE-2022-50635
In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in archpreparekprobe I found a null pointer reference in archpreparekprobe: echo 'p cmdlineprocshow' kprobeevents echo 'p cmdlineprocshow+16' kprobeevents Kernel attempted to read user...
PT-2025-49996
Cross-Site Request Forgery CSRF vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through = 3.5.1...
EUVD-2025-201786
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...
[SECURITY] Fedora 43 Update: libcoap-4.3.5a-1.fc43
The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...