Lucene search

18 matches found

Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-5966

Name of the Vulnerable Software and Affected Versions: ExpressTech Systems Quiz And Survey Master versions through 10.3.1. Description: A flaw exists in ExpressTech Systems Quiz And Survey Master that allows for SQL Injection. The issue impacts approximately 40,000 WordPress sites globally. A...

AI score 5.8, EPSS 0.00044
Exploits 0, References 4

Patchstack
added 2026/01/05 10:44 p.m., 5 views

WordPress Quiz And Survey Master plugin <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability

Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Quiz And Survey Master versions <= 10.3.1...

CVSS 4.3, AI score 6.8, EPSS 0.00045
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/10/30 12:0 a.m., 9 views

WordPress SmartMag Theme <= 10.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: SmartMag; Type: Theme; Vulnerable versions: <= 10.3.1; Fixed in: 10.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-64204; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 6a240fc7988d; Credits: João Pedro S Alcântara Kinorth; Required...

CVSS 6.5, AI score 5.9, EPSS 0.00031
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/05/22 10:16 p.m., 3 views

CVE-2022-0665

Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2...

CVSS 6.5, AI score 6.8, EPSS 0.0002
Exploits 1, References 1

CNNVD
added 2025/04/15 12:0 a.m., 1 views

Arctera eDiscovery Platform Security Vulnerability

Arctera eDiscovery Platform is a complete integrated solution from Arctera that streamlines the electronic data presentation process across EDRM. A security vulnerability exists in Arctera eDiscovery Platform versions prior to 10.3.2, which stems from command line plaintext password storage...

CVSS 6, AI score 6.9, EPSS 0.00127
Exploits 0, References 2

RedhatCVE
added 2025/03/16 12:18 a.m., 7 views

CVE-2024-29409

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header...

CVSS 5.5, AI score 8.1, EPSS 0.00343
Exploits 1, References 1

OSV
added 2025/03/14 6:15 p.m., 13 views

CVE-2024-29409

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header...

CVSS 5.5, AI score 8.1
Exploits 0, References 2

Cvelist
added 2025/03/14 12:0 a.m., 8 views

CVE-2024-29409

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header...

EPSS 0.00343
Exploits 1, References 2

SUSE CVE
added 2023/02/15 4:52 a.m., 1 views

SUSE CVE-2017-2539

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

CVSS 8.8, AI score 9.1, EPSS 0.0042
Exploits 0, References 7

OSV
added 2022/03/05 12:0 a.m., 20 views

GHSA-Q67F-3JQ4-MWW2 Cross-site Scripting in Pimcore

Pimcore version 10.3.2 and prior is vulnerable to stored cross-site scripting. A patch is available and anticipated to be part of version 10.3.3...

CVSS 5.4, AI score 5.1, EPSS 0.00151
Exploits 1, References 4

Github Security Blog
added 2022/03/05 12:0 a.m., 16 views

Cross-site Scripting in Pimcore

Pimcore version 10.3.2 and prior is vulnerable to stored cross-site scripting. A patch is available and anticipated to be part of version 10.3.3...

CVSS 5.4, AI score 2.3, EPSS 0.00151
Exploits 1, References 4, Affected Software 1

Cvelist
added 2019/12/17 8:55 p.m., 13 views

CVE-2019-17337 TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'...

CVSS 8.1, AI score 5.4, EPSS 0.00322
Exploits 0, References 2

OSV
added 2017/05/22 5:29 a.m., 2 views

CVE-2017-6991

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

CVSS 8.8, AI score 7.6, EPSS 0.00941
Exploits 0, References 3

CNVD
added 2017/05/18 12:0 a.m., 2 views

Apple iOS Notifications Denial of Service Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices, and Notifications is one of the notification components. A denial of service vulnerability exists in the Notifications component of Apple iOS prior to version 10.3.2. An attacker can exploit this vulnerability to cause a deni...

CVSS 5.5, AI score 6.4, EPSS 0.01181
Exploits 3, References 1

0day.today
added 2014/02/28 12:0 a.m., 36 views

MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation

MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability. title: Privilege escalation vulnerability; product: MICROSENS Profi Line Modular Industrial Switch Web Manager MS652119PM; vulnerable version: Firmware version 10.3.1; fixed...

AI score 7.3
Exploits 0

OpenVAS
added 2011/09/27 12:0 a.m., 24 views

IceWarp Mail Server < 10.3.3 Multiple Vulnerabilities

IceWarp Mail Server is prone to multiple vulnerabilities. Copyright (C) 2011 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

AI score 6.5
Exploits 0, References 5

Exploit DB
added 2011/03/11 12:0 a.m., 173 views

Oracle WebLogic - POST Session Fixation

Name: Oracle WebLogic – Session Fixation Via HTTP POST Request; Vendor Website: http://www.oracle.com/; Date Released: 11 March 2011 – CVE-2010-4437; Affected Software: Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3; Researcher: Roberto Suggi Liverani; Description: Oracle WebLogic servlet...

CVSS 5.8, AI score 7, EPSS 0.48894
Exploits 3

OpenVAS
added 2010/02/14 12:0 a.m., 91 views

Oracle WebLogic Server Node Manager 'beasvc.exe' RCE Vulnerability

Oracle WebLogic Server is prone to a remote command execution (RCE) vulnerability because the software fails to restrict access to sensitive commands. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective...

CVSS 10, AI score 6.8, EPSS 0.02293
Exploits 0, References 3