54 matches found
CVE-2026-57330
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
UBUNTU-CVE-2026-12805
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
EUVD-2026-30358
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...
BIT-JAVA-2020-2659
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...
CVE-2026-24973
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...
CVE-2026-27273
Substance3D Stager is affected by CVE-2026-27273 (out-of-bounds write) in versions up to 3.1.7. The vulnerability could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Remediation is provided in APSB26-29, which ...
CVE-2026-27338
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...
CVE-2026-22473
CVE-2026-22473 affects the WordPress theme Dental Clinic (Designthemes) up to version 3.7. It is a Deserialization of Untrusted Data (PHP Object Injection) vulnerability that can be exploited by an authenticated attacker (Subscriber+) and has a high risk profile (CVSS 3.1: 8.8). Current connected...
CVE-2026-22384
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through = 3.7...
CVE-2026-22384
CVE-2026-22384 describes a deserialization vulnerability in the WordPress plugin Applay - Shortcodes (versions up to and including 3.7) that enables PHP Object Injection via untrusted data. The WP-exposed issue is associated with the leafcolor Applay - Shortcodes code path and is rated CRITICAL (...
CVE-2025-14472
CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...
CVE-2022-31298
A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2022-31299
Haraj v3.7 was discovered to contain a reflected cross-site scripting XSS vulnerability in the User Upgrade Form...
CVE-2025-14388
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
SUSE CVE-2025-14607
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...
CVE-2025-14607
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...
CVE-2025-14607
OFFIS DCMTK vulnerability CVE-2025-14607 affects DCMTK up to 3.6.9, specifically the DcmByteString::makeDicomByteString function in dcmdata. This memory corruption can be triggered remotely via crafted DICOM datasets. Affected versions are DCMTK 3.6.x up to 3.6.9; remediation is to upgrade to DCM...
CVE-2025-49911 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...
WordPress plugin woo-vehicle-parts-finder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-53499
Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API...