77 matches found
CVE-2025-24198
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data...
CVE-2025-30223
Beego (Go framework) contains an XSS vulnerability in RenderForm() up to version 2.3.5, caused by improper HTML escaping of user-controlled data. This allows injection of attacker-controlled JavaScript in rendered forms, potentially enabling session hijacking, credential theft, or account takeove...
PT-2025-13580 · Unknown · Sourcecodester Online Exam System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Exam System version 1.0 Description: The issue is related to SQL Injection via the dash.php file. This allows for potential exploitation. Recommendations: For Sourcecodester Online Exam System version 1.0, consider...
GHSA-V4Q9-437P-MHPG Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
Summary A cross-site scripting XSS vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
...
ROS-20240404-01
A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to gain full access to a user's account A vulnerability in the Grafana monitoring and surveillance platform is...
RHEL 9 : firefox (RHSA-2023:6199)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6199 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
GHSA-R2HW-74XV-4GQP Nautobot vulnerable to exposure of hashed user passwords via REST API
Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. Nautobot 1.x is not affected by...
PT-2023-28132 · Poll Maker Team · Poll Maker Plugin
Name of the Vulnerable Software and Affected Versions: Poll Maker Team Poll Maker plugin versions = 4.7.0 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
PT-2023-27331 · Vathemes · Vathemes Business Pro
Name of the Vulnerable Software and Affected Versions: Vathemes Business Pro theme versions = 1.10.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal...
PT-2023-22730 · Imagerecycle · Imagerecycle Pdf & Image Compression Plugin
Name of the Vulnerable Software and Affected Versions: ImageRecycle ImageRecycle pdf & image compression plugin versions = 3.1.10 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...
PT-2023-21602 · Unknown · Aakif Kadiwala Tags Cloud Manager
Name of the Vulnerable Software and Affected Versions: Aakif Kadiwala Tags Cloud Manager plugin versions 1.0.0 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...
PT-2023-25303 · WordPress · Backup Manager
Name of the Vulnerable Software and Affected Versions: WP Backup Manager plugin versions prior to 1.13.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...
PT-2023-18649 · WordPress · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive plugin versions 1.5.48 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing th...
Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84281)
Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 2.2.0, which can be used by an attacker to steal cookies, passwords, or run arbitrary code on a victim's browser...
CVE-2021-24585
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...
Tailor Management System - 'id' SQL Injection
Exploit Title: Tailor Management System - 'id' SQL Injection Google Dork: N/A Date: 2020-09-08 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
The Uber platform coming out of authentication vulnerabilities, exploit the vulnerability can reset any account password-loophole warning-the black bar safety net
Italian security expert Vincenzo C. Aka found the Uber platform authentication vulnerabilities, any account can use this vulnerability to reset the password, this discovery yesterday officially announced. In fact, the initiator of the“authentication crisis”the vulnerability is in the seven months...
Twitter will now Track EVERY App You have Installed on Your Smartphone
Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a "more personal Twitter experience" by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applicatio...
Google Moves to Boost Search Ranking For HTTPS Sites
In the last couple of years, Google has been making a series of changes to its Web infrastructure to employ encryption more widely and help defeat active attackers. Much of this has gone on in the background, with the company securing the links between its data centers and making other...