12 matches found
CVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitization of content input but does not enforce equivalent sanitization on the server side. An authenticated user can inject arbitrary JavaScript...
bludit 3.16.2 Session Fixation
Bludit version 3.16.2 suffers from a session fixation vulnerability. Exploit Title: Session Fixation - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Session Fixation 1: Steps to Reproduce: Visit the login pag...
bludit 3.16.2 Directory Traversal
Bludit version 3.16.2 suffers from a directory traversal vulnerability. Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" 1: Step...
CVE-2025-3246
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the...
CVE-2025-3246
CVE-2025-3246 targets GitHub Enterprise Server, specifically version 3.16.1, via an improper neutralization of input that enables cross-site scripting in GitHub Markdown using $$..$$ math blocks. The issue requires access to the target instance and privileged user interaction with the malicious e...
CVE-2025-30766
CVE-2025-30766: Happy Addons for Elementor has a DOM-based XSS vulnerability in the plugin’s web page generation due to improper input neutralization. Affected: Happy Addons for Elementor (Authenticated user context). CVSS v3.1 base score 6.5 (Medium). Connected Wordfence vulnerability data confi...
WordPress plugin Happy Addons for Elementor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticate...
PT-2024-38967
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to and including 3.16.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection due to the deserialization of...
Svelecte Cross-Site Scripting Vulnerability
Svelecte is a flexible autocomplete/select component written in Svelte. A cross-site scripting (XSS) vulnerability exists in Svelecte 3.16.2 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary HT...
UBUNTU-CVE-2014-3183
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report si...
PT-2014-6345
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.16.2 Description: The issue allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms. This is achieved via a "mount -o remount" command within a user...