CVE-2025-69391
CVE-2025-69391 corresponds to WordPress Diamond theme (GT3themes)
WordPress plugin Diamond security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Magento Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...
Magento Authenticated Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition enabling the bypass of a security feature. Remediation: Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11,...
CVE-2025-24420
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this...
CVE-2025-24665 WordPress Small Package Quotes Plugin <= 2.4.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition (small-package-quotes-unishippers-edition) allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a...
WordPress Responsive Lightbox plugin <= 2.4.8 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Responsive Lightbox versions <= 2.4.8...
MarkUs path traversal vulnerability
MarkUs is a Ruby on Rails and React web application from MarkUs open source for submitting and grading student assignments. A path traversal vulnerability exists in MarkUs versions prior to 2.4.8 that originates from an authenticated user who can download any file on the running web server based ...
CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
WordPress plugin WidgetKit cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application extension. A cross-site...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2022-26914 · Compuware +1 · Topaz For Total Test Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier. Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers who can control the input...
CVE-2022-31064 Cross site scripting in username that will trigger by sending chat
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when an attacker with XSS in their name starts a chat. In the victim's client the JavaScript will be executed...
PKP Vendor Open Journal System cross-site scripting vulnerability
PKP Vendor Open Journal System is an open journal system maintained by PKP. It is used to manage and publish academic journals. A cross-site scripting vulnerability exists in PKP Vendor Open Journal System versions v2.4.8 through v3.3.8, which can be exploited by an attacker via a specially crafte...
CVE-2018-14367
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition...