1395 matches found
CVE-2025-2005
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
PT-2025-14475 · WordPress · Time Machine
Name of the Vulnerable Software and Affected Versions: wp Time Machine plugin for WordPress versions up to, and including, 3.4.0
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This allows...
Apache Oozie Security Vulnerability
Apache Oozie is an application from the Apache Foundation, USA. It provides a workflow scheduler system for managing Apache Hadoop job functions. Apache Oozie has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
Online Shopping Portal product-details.php file SQL Injection Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...
A vulnerability in the set_add_routing function of the internet.cgi script in the Wavlink AC3000 (WL-WN533A8) router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the set_add_routing function of the internet.cgi script in the Wavlink AC3000 WL-WN533A8 router firmware is related to a lack of data sanitization measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-0801
The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...
SunGrow iSolarCloud Security Vulnerability
SunGrow iSolarCloud is an Android app for new energy power plant management from SunGrow of China. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud Android app version...
CVE-2025-0865
The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wpmcmhandleactionsettings function. This makes it possible for unauthenticated attackers to alter plugin settings...
CVE-2024-13315
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...
CVE-2025-0796
The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...
CVE-2024-13684
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...
CVE-2025-0526
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
Digital China Networks DCBC Gateway Security Vulnerability
Digital China Networks DCBC Gateway is a gateway program from Digital China Networks of China. A security vulnerability exists in Digital China Networks DCBC Gateway version 200-2.1.1, which stems from a lack of length validation, leading to a buffer overflow vulnerability that could cause a remote target...
CVE-2024-11621
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are: Remote Desktop Manager macOS 2024.3.9.0 and earlier, Remote Desktop Manager...
CVE-2024-13512
The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject...
PT-2025-2245 · WordPress · Ti Woocommerce Wishlist
Name of the Vulnerable Software and Affected Versions: WooCommerce Wishlist plugin for WordPress versions up to, and including, 1.8.7
Description: The issue concerns a lack of validation on a user-controlled key in the download pdf file function, allowing unauthenticated attackers to extract data...
PT-2025-2253 · WordPress · Linear
Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.8.1
Description: The issue is due to missing or incorrect nonce validation on the linear-debug feature, making it possible for unauthenticated attackers to reset the plugin's cache...
CVE-2024-12385
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...
PT-2025-1828 · WordPress · Wp Abstracts
Name of the Vulnerable Software and Affected Versions: WP Abstracts plugin for WordPress versions up to, and including, 2.7.2
Description: The issue is due to missing nonce validation on the wpabstracts load status and wpabstracts delete abstracts functions, making it possible for unauthenticated...
H3C N12 V100R005 Security Vulnerability
The H3C N12 V100R005 is a wireless router from China's H3C (Xinhua San). A security vulnerability exists in the H3C N12 V100R005 version, which stems from a lack of length validation in the AP configuration function and could allow an attacker to crash a remote target device or execute arbitrary...