16 matches found
CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)
Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...
CVE-2026-3138
The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via wpajaxnopriv...
CVE-2026-21683 iccDEV has Type Confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in icStatusCMM::CIccEvalCompare::EvaluateProfile. This...
EUVD-2025-197609
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...
CVE-2025-8052
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...
MRCMS 安全漏洞
MRCMS is a content management system by the individual developers at marker. A security vulnerability exists in MRCMS version 3.1.2, which stems from mishandling of the component /admin/group/save.do, which could lead to a cross-site scripting attack...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2024-32449
Cross-Site Request Forgery CSRF vulnerability in MagniGenie RestroPress.This issue affects RestroPress: from n/a through 3.1.2...
CVE-2014-100021
Cross-site scripting XSS vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearchemployeenameempId parameter...
CVE-2025-32826
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection SSTI vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection SSTI vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2024-54313
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25...
CVE-2023-50082
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform...
CVE-2022-32417
PbootCMS v3.1.2 was discovered to contain a remote code execution RCE vulnerability via the function parserIfLabel at function.php...
ipa: weakness when initiating join from IPA client can potentially compromise IPA domain
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority CA certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...