99 matches found
CVE-2025-57714
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak...
CVE-2025-8079
CVE-2025-8079 concerns Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce, with a vulnerability prior to version 4.5.0.0.1: improper neutralization of input during web page generation that leads to Reflected XSS. The issue affects Smart Trade E-Commerce before 4.5.0.0.1 and is d...
WordPress plugin Save as PDF 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...
CVE-2025-6051
CVE-2025-6051 is a ReDoS in Hugging Face Transformers’ EnglishNormalizer.normalize_numbers(), affecting versions up to 4.52.4 and fixed in 4.53.0. The issue arises from numeric string handling, enabling crafted inputs with long digit sequences to cause excessive CPU usage, impacting text-to-speec...
Avast Business Antivirus 安全漏洞
Avast Business Antivirus is a commercial network antivirus from Avast. A security vulnerability exists in Avast Business Antivirus version 4.5, which stems from insufficient file validation and could lead to tampering of update files...
llisoft MTA Maita Training System 注入漏洞
The llisoft MTA Maita Training System is a training system from China Dongke llisoft. An injection vulnerability exists in version 4.5 of the llisoft MTA Maita Training System, which results from an SQL injection due to the operation of the parameter stTypeIds...
PT-2025-7515 · WordPress · Wp-Appbox
Name of the Vulnerable Software and Affected Versions: WP-Appbox plugin for WordPress versions up to, and including, 4.5.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's appbox shortcode due to insufficient input sanitization and output escaping on user-supplied...
ETIC Telecom Remote Access Server 安全漏洞
ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to maintain automated equipment remotely. A security vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which stems from...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.5.1...
DEBIAN-CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
IBOS 安全漏洞
IBOS is a collaborative office management system open-sourced by IBOS China. A security vulnerability exists in IBOS version 4.5.5, which stems from the existence of an arbitrary file deletion vulnerability that can be deleted via systemmodulesdashboardcontrollersLoginController.php...
WordPress plugin GEO my WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Super 8 安全漏洞
Super 8 is a one-stop social chat software from China-based Super 8. A security vulnerability exists in Super 8 4.5.0 and prior versions, which stems from the presence of a cross-site scripting XSS vulnerability...
Meross MSH30Q Security Vulnerability
The Meross MSH30Q is a smart Wi-Fi hub from Meross. A security vulnerability exists in the Meross MSH30Q version 4.5.23, which stems from vulnerability to replay attacks, where an attacker can record and replay previously captured communications to perform unauthorized commands or actions...
CBOR Security Breach
CBOR is a C implementation of the Concise Binary Object Representation by the individual developer Peter Occil. A security vulnerability exists in CBOR versions 4.0.0 through 4.5.0, which stems from the use of an inefficient algorithm that makes it susceptible to denial-of-service attacks when...
CVE-2023-51420
Improper Control of Generation of Code 'Code Injection' vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2...
CVE-2023-46614
Cross-Site Request Forgery CSRF vulnerability in Mat Bao Corp WP Helper Premium plugin = 4.5.1 versions...
BigTree CMS 安全漏洞
BigTree CMS is a content management system. A cross-site scripting vulnerability exists in BigTree CMS version v4.5.7, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by a remote attacker to execute arbitrary code via ID...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that incorrect manipulation of the touid in the addComment function of ?r=weibo/comment/addcomment can lead to SQL injection...
CVE-2023-4545
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...