9 matches found
PT-2026-29349
Name of the Vulnerable Software and Affected Versions: Admidio versions 5.0.0 through 5.0.7. Description: The delete mode handler in mylist function.php does not validate a CSRF token before permanently deleting list configurations. An attacker can exploit this by luring an authenticated user to a...
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2025-14046
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...
Open-Xchange App Suite cross-site scripting vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that originates from an account that can be lured to a user with a malicious configuration, which can be exploited by an attacker to execu...
Autodesk Maya security vulnerability
Autodesk Maya is a three-dimensional computer graphics software from the American company Autodesk. It is widely used to create digital special effects for movies, television, commercials, computer games and video games. A security vulnerability exists in Autodesk Maya USD. An attacker exploits t...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Foxit Studio Photo buffer error vulnerability
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. An information disclosure vulnerability exists in the handling of CMP files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user to access an attacker-controlled page...
Unspecified vulnerability in Oracle MySQL Server:Partition component (CNVD-2015-04913)
Oracle MySQL Server is a popular relational database. A security vulnerability exists in the Server:Optimizer subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to construct a malicious web page and trick users into parsing it, which can impact system availability...