Lucene search

4565 matches found

RedhatCVE
added 2025/02/06 12:52 a.m., 8 views

CVE-2022-3767

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host...

7.7 CVSS, 6.6 AI score, 0.00746 EPSS
Exploits: 1

Vulnrichment
added 2025/02/05 6:1 p.m., 14 views

CVE-2024-56133 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions ECS All prior...

8.4 CVSS, 7 AI score, 0.00565 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 2:11 p.m., 6 views

CVE-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

10 CVSS, 6.8 AI score, 0.01472 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:31 p.m., 8 views

CVE-2024-43966

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1...

7.6 CVSS, 7.5 AI score, 0.00439 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 7:10 a.m., 5 views

CVE-2024-32086

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1...

7.5 CVSS, 5.2 AI score, 0.00519 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 6:51 a.m., 4 views

CVE-2024-50532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jerin K Alexander Events Manager Pro – extended events-manager-pro-extended allows Reflected XSS. This issue affects Events Manager Pro – extended: from n/a through = 0.1...

7.1 CVSS, 5.9 AI score, 0.00394 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 5:45 a.m., 4 views

CVE-2024-49609

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection. This issue affects Author Discussion: from n/a through = 0.2.2...

8.8 CVSS, 5.9 AI score, 0.00432 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 4:7 a.m., 6 views

CVE-2024-54367

Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection. This issue affects ForumWP: from n/a through = 2.1.0...

9.8 CVSS, 7.2 AI score, 0.00681 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:20 a.m., 6 views

CVE-2024-51658

Cross-Site Request Forgery CSRF vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS. This issue affects WP Course Manager: from n/a through = 1.3...

7.1 CVSS, 5.9 AI score, 0.00177 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 2:48 a.m., 10 views

CVE-2024-33548

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team WZone allows Reflected XSS. This issue affects WZone: from n/a through 14.0.10...

7.1 CVSS, 5.2 AI score, 0.00375 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:35 a.m., 8 views

CVE-2024-55988

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection. This issue affects Navayan CSV Export: from n/a through = 1.0.9...

9.3 CVSS, 7.3 AI score, 0.01116 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 12:31 a.m., 6 views

CVE-2024-31366

Missing Authorization vulnerability in Themify Post Type Builder PTB. This issue affects Post Type Builder PTB: from n/a through 2.0.8...

7.1 CVSS, 5.1 AI score, 0.00493 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/02/05 12:0 a.m., 2 views

curl security vulnerability

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.10.5 through 8.11.1 that stems from incorrectly closing the same eventfd file descriptor twice when closing the connection channel after completing threaded name resolutio...

9.8 CVSS, 8.4 AI score, 0.01166 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/02/05 12:0 a.m., 3 views

IBM Cognos Analytics code issue vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decision-making by analyzing such things as key factors and key people. A code issue...

7.1 CVSS, 7.2 AI score, 0.00444 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 11:49 p.m., 4 views

CVE-2024-22290

Cross-Site Request Forgery CSRF vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting XSS. This issue affects Custom Dashboard Widgets: from n/a through 1.3.1...

8.8 CVSS, 8.4 AI score, 0.00194 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 11:43 p.m., 5 views

CVE-2024-22293

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...

7.1 CVSS, 7 AI score, 0.00331 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 11:11 p.m., 12 views

CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...

8 CVSS, 6.3 AI score, 0.006 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/04 10:22 p.m., 2 views

CVE-2024-53733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harshtohit111 Fence URL fence-url allows Stored XSS. This issue affects Fence URL: from n/a through = 2.0.0...

7.1 CVSS, 7.2 AI score, 0.00314 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2025/02/04 5:0 p.m., 4 views

@accelint/vitest-config (=0.1.4), @ai16z/plugin-evm (>=0.1.5-alpha.2 <=0.1.5-alpha.5) +88 more potentially affected by CVE-2025-24964 via vitest (>=2.0.1 <=2.1.8)

vitest NPM version =2.0.1, =0.1.5-alpha.2, =0.1.5-alpha.0, =0.1.5-alpha.0, =0.1.5-alpha.0, =0.0.0, =0.0.1, =0.1.1, =1.2.1, =0.0.1, =0.1.8-alpha.1, =0.1.9 and more Source cves: CVE-2025-24964 Source advisory: OSV:GHSA-9CRC-Q9X8-HGQQ...

9.6 CVSS, 5.8 AI score, 0.00629 EPSS
Exploits: 1

vulnersOsv
added 2025/02/04 12:30 p.m., 4 views

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

8.8 CVSS, 7.2 AI score, 0.00877 EPSS
Exploits: 0