19 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992264)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992264 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup. strp_init() is called just a few lines above this csk->sk_user_data...
PT-2025-43226
Name of the Vulnerable Software and Affected Versions: CropRefine versions through 1.2.1. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting (XSS) condition. This could allow an attacke...
PT-2025-43212
Name of the Vulnerable Software and Affected Versions: gAppointments versions through 1.14.1. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting (XSS) issue. This allows for Reflected XSS attacks...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)
SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...
TOTOLINK A3002RU MAC Filtering Page Component Cross-Site Scripting Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the MAC Filtering Page component parameter Comment, for...
WordPress plugin MultiVendorX Marketplace - WooCommerce MultiVendor Marketplace Solution Security Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin MultiVendorX Marketplace - WooCommerce MultiVendor...
PT-2023-20158
Name of the Vulnerable Software and Affected Versions: DataHub, affected versions not specified. Description: The issue concerns the AuthServiceClient in DataHub, which is responsible for managing accounts and authentication. It crafts JSON strings using format strings with user-controlled data,...
NETGEAR R7800 Buffer Error Vulnerability
The NETGEAR R7800 is a wireless router from NETGEAR. The NETGEAR R7800 suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data, which could result in a write beyond the end of the allocated data structure. An attacker could exploit this...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Fudousan 5.7.0 suffers from a cross-site...
Unspecified vulnerability in php factory MailForm01
php factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient sanitization of user-supplied data. An attacker can exploit...
HashiCorp Nomad Security Vulnerability
HashiCorp Nomad is a distributed, data center-aware cluster and application scheduler from HashiCorp, USA. The program supports the deployment of microservices, batch, containerized and non-containerized applications. Nomad suffers from a security vulnerability that stems from the mishandling of...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2021-36198)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data. No details of the vulnerability are provided at this time...
Apple WebKitGTK+ Cross-Site Scripting Vulnerability
WebKitGTK+ is a full-featured port of the WebKit engine and contains all of WebKit's features. A cross-site scripting vulnerability exists in WebKitGTK+ that stems from insufficient sanitization of user-supplied data in WebKit. The following products and versions are affected: WebKitGTK+:...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in version 1.x prior to TYPO3 1.3.3, which stems from insufficient sanitization of user-supplied data, and can be exploited by attackers to condu...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 Core that stems from insufficient handling of user-supplied data in the Content Preview Renderer component. No detailed...
Greenhouse.io: Content Spoofing on link.greenhouse.io
Hi, Description: Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web...
Microsoft Visio Object Memory Corruption (CVE-2011-0092) Remote Code Execution Vulnerability
Description: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a...
Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
Description: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
waraxe-2004-SA038.txt
waraxe-2004-SA038: Multiple vulnerabilities in Event Calendar module for PhpNuke...