5 matches found
CVE-2025-56761
Memos 0.22 is vulnerable to stored cross-site scripting (XSS) through the attachment upload and user avatar features. Memos does not verify the content type of the uploaded data and serves it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...
CVE-2024-9626 Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image
The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxzemantasetfeaturedimage' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2024-32731
SAP My Travel Requests contains a privilege-escalation vulnerability due to missing authorization checks for authenticated users. Exploitation could allow an attacker to upload a malicious attachment to a business trip request, with low impact on confidentiality, integrity and availability as des...
Cross-site Scripting in showdoc
Stored XSS via an uploaded attachment in .svg format in File Library...
MySQL and SQL field truncation vulnerability - vulnerability warning - the black bar safety net
Many current Web developers have probably not noticed the two issues the author mentions. The first problem is that MySQL by default has a configuration parameter, maxpacketsize, which is used to limit the MySQL client and the MySQL server end of the data...