25 matches found
JeeWMS Security Vulnerability
JeeWMS is a Java-based warehouse management system. A cross-site scripting vulnerability exists in JeeWMS 3.7 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the logController.do component, and can be exploited by an attacker to disclo...
Linux Distros Unpatched Vulnerability: CVE-2019-14829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities wer...
CVE-2011-10022
CVE-2011-10022 concerns SPlayer up to version 3.7, vulnerable to a stack-based buffer overflow while processing an HTTP response with an overly long Content-Type header. The underlying cause is improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exceptio...
CVE-2023-22380
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...
CVE-2025-22349
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through <= 3.7...
Joomla core 3.7.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in com_fields default field value vulnerability
Unauthenticated XSS in com_fields default field value vulnerability discovered by ? in WordPress Core Joomla versions 3.7.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...
PT-2024-22027 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: Jeewms versions 3.7 and earlier. Description: The issue allows a remote attacker to escalate privileges via the AuthInterceptor component. Recommendations: For Jeewms versions 3.7 and earlier, at the moment, there is no information about a new...
CVE-2023-43835
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...
CVE-2023-2078
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for...
DEBIAN-CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
UBUNTU-CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
PT-2022-19381 · Jenkins · Jenkins Jira Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Jira Plugin versions 3.7 and earlier, except version 3.6.1. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Jira Plugin does not escape the name and description of Jir...
CVE-2022-23796
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields...
Design/Logic Flaw
A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...
Spree Authorization Bypass Vulnerability
Spree is an open source online shop system developed using Ruby on Rails. A security vulnerability exists in Spree versions 3.7 through 3.7.13, 4.0.5, and 4.1.12, which stems from an authorization bypass vulnerability. An attacker can exploit the vulnerability to query the API v2 order...
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-27081)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the 'stats' method of the class-wp-object-cache.php file in...
Oracle Hospitality Suites Management CVE-2020-2697 Local Security Vulnerability
Description: Oracle Hospitality Suites Management is prone to a local security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Request Tracker' package is affected. This vulnerability affects the following supported versions: 3.7, 3.8. Technologies Affected: Oracle...
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-02447)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions 3.7 through 5.3.0. The vulnerability stems...
UBUNTU-CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a mino...
Unspecified vulnerability in Moodle (CNVD-2019-43886)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle versions 3.7 through 3.7.2 and 3.6 through 3.6.6, which stems from a failure of the Email med...