4565 matches found
Pegasystem PEGA Platform Security Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem, USA. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-Time Decision Making and CRM (Customer Relationship Management). A security vulnerability exists...
PT-2025-4493 · Lucidlms · Lucidlms
Name of the Vulnerable Software and Affected Versions: LucidLMS versions n/a through 1.0.5. Description: The issue is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This can be exploited through reflected XSS, whe...
CVE-2024-13304
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery. This issue affects Minify JS: from 0.0.0 before 3.0.3...
CVE-2024-13308
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS). This issue affects Browser Back Button: from 1.0.0 before 2.0.2...
CVE-2024-13298
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS). This issue affects Tarte au Citron: from 2.0.0 before 2.0.5...
CVE-2024-13284 Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5...
CVE-2025-22820 WordPress VR Views plugin <= 1.5.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Walmsley VR Views allows Stored XSS. This issue affects VR Views: from n/a through 1.5.1...
CVE-2025-22820 WordPress VR Views plugin <= 1.5.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in goldsounds VR Views vr-views allows Stored XSS. This issue affects VR Views: from n/a through <= 1.5.1...
PT-2025-4385 · Unknown +2 · Sqlalchemy +3
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions 0.182.0 through 0.257.0. Description: A type confusion vulnerability exists in Strawberry GraphQL's relay integration, affecting multiple ORM integrations, including Django, SQLAlchemy, and Pydantic. This issue occu...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Node Access Rebuild Progressive versions 7.X-1.0 through 7.X-1.2, which stems from the inclusion of an ownership mismanagement vulnerability...
Pingvin Share Code Issue Vulnerability
Pingvin Share is a self-hosted file sharing platform by individual developer Elias Schneider. A code issue vulnerability exists in Pingvin Share versions 0.6.0 through 1.3.0. An attacker can exploit the vulnerability to overwrite arbitrary files on the server via an HTTP POST request...
CVE-2025-22300
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager pixelyoursite allows Cross Site Request Forgery. This issue affects PixelYourSite – Your smart PIXEL TAG Manager: from n/a through <= 10.0.1.2...
CVE-2024-11626
Progress Sitefinity CVE-2024-11626 is an XSS-type vulnerability due to improper input neutralization in the CMS backend page generation. It affects Sitefinity releases 4.0–14.4.8142, 15.0.8200–15.0.8229, 15.1.8300–15.1.8327, and 15.2.8400–15.2.8421. The CVE details are corroborated by NVD, Red Ha...
CVE-2024-11625
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...
PT-2025-4568 · Unknown · Biltorvet Dealer Tools
Name of the Vulnerable Software and Affected Versions: Biltorvet Dealer Tools versions 1.0.0 through 1.0.22. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject...
IBM Concert Security Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...
CVE-2024-11716
CVE-2024-11716 (CTFd): A logic flaw in CTFd allows an authenticated user to reset their bracket after registration and join another team while a competition is ongoing. Affected releases: 3.7.0—3.7.4. The issue was addressed in 3.7.5 via pull request 2636. Practical impact: potentially enables b...
CVE-2024-37458
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Highlight highlight allows Cross Site Request Forgery. This issue affects Highlight: from n/a through <= 1.0.29...
PT-2025-2484 · Desertthemes · Newsmash
Name of the Vulnerable Software and Affected Versions: DesertThemes NewsMash versions 1.0.0 through 1.0.34. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.0.0...
aleksis (>=2025.1.0 <=2025.1.1), aleksis-app-alsijil (>=4.0.0 <=4.0.0.dev9) +143 more potentially affected by unknown CVE via django-allauth (>=65.0.1 <=65.2.0)
django-allauth PYPI version =65.0.1, =2025.1.0, =4.0.0, =3.0.0.dev0, =4.0.0, =4.0.0, =0.1.0.dev0, =4.0.0, =3.0.0.dev0, =4.0.0.dev0, =4.0.0, =0.1.0.dev0, =0.3.0, =4.0.0, =0.1.0.dev1, =3.0.0, =3.0.0.dev0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOALLAUTH-8600545...