14 matches found
CVE-2025-69343
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS. This issue affects Theater for WordPress: from n/a through = 0.19...
CVE-2025-69343
CVE-2025-69343 is a Stored XSS in Theater for WordPress (plugin: Theater) caused by improper neutralization of input during web page generation. Affected versions: Theater for WordPress
CVE-2025-69331
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through = 0.19...
WordPress plugin m1.DownloadList Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Inkscape Buffer Error Vulnerability
Inkscape is an open source graphics editor for Inkscape. A buffer error vulnerability exists in Inkscape version 0.19. An attacker could exploit this vulnerability to access unauthorized information...
Inkscape Buffer Error Vulnerability
Inkscape is an open source graphics editor for Inkscape. A buffer error vulnerability exists in Inkscape version 0.19. An attacker could exploit this vulnerability to access unauthorized information...
FreeCad OS Command Injection Vulnerability
FreeCad is a free and open source general-purpose parametric 3D Cad modeler from the FreeCad community and supports the Finite Element Method of building information modeling software. A security vulnerability exists in FreeCAD 0.19 that allows attackers to execute arbitrary commands via a crafte...
FreeCad OS Command Injection Vulnerability
FreeCad is a free and open source general-purpose parametric 3D Cad modeler from the FreeCad community and supports the finite element method of building information modeling software. A command injection vulnerability exists in FreeCAD version 0.19, which stems from improper cleanup when calling...
PT-2022-12433 · Freecad · Freecad
Name of the Vulnerable Software and Affected Versions: FreeCAD version 0.19 Description: The Path Sanity Check script is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. Recommendations: For FreeCAD version 0.19, consider disabli...
GHSA-WJW6-2CQR-J4QR Client metadata path-traversal
Impact: In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs because the rolename is used to form the filename, and may contain pat...
PYSEC-2021-376
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...
PYSEC-2021-376
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...
Design/Logic Flaw
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...
Lhasa Untrusted search path vulnerability
This host is installed with Lhasa and is prone to an untrusted search path vulnerability. OpenVAS Vulnerability Test $Id: gblhasauntrustedsearchpathvuln.nasl 5374 2017-02-20 16:36:11Z cfi $ Lhasa Untrusted search path vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010 Greenbone Networks...