UnoPim 代码问题漏洞

UnoPim is an open source Product Information Management PIM system based on the Laravel framework by UnoPim Open Source. A code issue vulnerability exists in versions of UnoPim prior to 0.2.1 that stems from insufficient validation of client-side file types, which could lead to the upload of...

CVE-2025-52561

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVE-2025-52561

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the formatblockparametertemplatefromworkflowruncontext function in the block.py file. An attacker can access sensitive information by exploiting the Jinja runtime...

CVE-2023-33663

In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

WordPress plugin MapFig Studio 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-32685

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...

CVE-2025-32685 WordPress WP Inquiries plugin <= 0.2.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...

WordPress plugin WP Inquiries SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

CVE-2025-31459

Cross-Site Request Forgery CSRF vulnerability in PasqualePuzio Login Alert login-alert allows Stored XSS.This issue affects Login Alert: from n/a through = 0.2.1...

CVE-2025-31459 WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1...

WordPress plugin Login Alert 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-30617

Cross-Site Request Forgery CSRF vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery.This issue affects Rewrite: from n/a through = 0.2.1...

CVE-2025-30617 WordPress Rewrite plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery.This issue affects Rewrite: from n/a through = 0.2.1...

WordPress plugin Rewrite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

CVE-2024-13876

The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13876 Meintopf <= 0.2.1 - Reflected XSS

The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...