199 matches found
PT-2025-3548 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: A segmentation violation was discovered in lunasvg via the plutovg blend component. This issue can be exploited. Recommendations: For lunasvg version 3.0.0, as a temporary workaround, consider disabling the...
WordPress CAMOO SMS plugin <= 3.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin CAMOO SMS versions = 3.0.1...
WordPress plugin Classic Addons 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2024-53647
Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service...
Fields GLPI plugin 安全漏洞
Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A security vulnerability exists in the Fields GLPI plugin version 3.0.0 through versions prior to 3.0.3, which stems from an inadequate security check that allows an unauthenticated attacker to determine if data with a specific...
BYD Dilink Headunit System 安全漏洞
BYD Dilink Headunit System is an in-vehicle operating system of the Chinese company BYD BYD. A security vulnerability exists in BYD Dilink Headunit System version v3.0 to v4.0. An attacker can exploit the vulnerability to bypass authentication via brute force attack...
OpsManage 代码问题漏洞
OpsManage is a code deployment, application deployment, scheduled tasks, and device asset management platform by William.Cao Personal Developer. A code issue vulnerability exists in OpsManage. An attacker exploiting this vulnerability could cause data deserialization. The following versions are...
Enel X Waybox 安全漏洞
The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from the fact that the TCF proxy service can be used to gain administrator privileges on the Waybox system...
CVE-2024-10469
VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users...
Apache Syncope 跨站脚本漏洞
Apache Syncope is an open source digital identity management system from the Apache USA Foundation for use in enterprise environments. The system supports identity management, role configuration, and more. A cross-site scripting vulnerability exists in Apache Syncope versions 2.1.X through 2.1.14...
WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability
Broken Access Control to Notice Dismissal vulnerability discovered by Marek Mikita Patchstack Alliance in WordPress Plugin Photo Gallery Builder versions = 3.0...
PT-2024-10623 · WordPress · File Manager
Name of the Vulnerable Software and Affected Versions: File Manager plugin for WordPress versions up to, and including, 3.0 Description: The issue is related to a missing capability check in the /inc/root.php file, which allows unauthenticated attackers to bypass authorization. This enables them ...
WordPress WP 2FA with Telegram plugin <= 3.0 - Two-Factor Authentication Bypass vulnerability
Two-Factor Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin WP 2FA with Telegram versions = 3.0...
PT-2024-39967 · Newtype · Newtype Webeip
Name of the Vulnerable Software and Affected Versions: NewType WebEIP version 3.0 Description: The issue is related to improper validation of user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters. This results in a Reflected Cross-site...
moziloCMS 安全漏洞
moziloCMS is a content management system CMS in the moziloCMS open source. A security vulnerability exists in moziloCMS version 3.0, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of a user...
Mikafon MA7 SQL注入漏洞
Mikafon MA7 is an application from Mikafon Inc. A SQL injection vulnerability exists in Mikafon MA7 versions v3.0 through v3.1, which stems from improper neutralization using a special element resulting in SQL injection...
PT-2024-28117 · Unknown · Skt Addons For Elementor
Name of the Vulnerable Software and Affected Versions: SKT Addons for Elementor versions 3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: F...
CVE-2024-27717
Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component...
WordPress Similarity plugin <= 3.0 - CSRF Leading to Stored Cross-Site Scripting vulnerability
CSRF Leading to Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Similarity versions = 3.0...
PT-2024-27200 · Unknown · Phpgurukul Small Crm
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: A critical issue has been found in the Registration Page component of PHPGurukul Small CRM, affecting some unknown functionality. This issue leads to SQL injection. The attack can be launched...