4 matches found
CVE-2025-14144
CVE-2025-14144 affects Mstoic Shortcodes for WordPress. The vulnerability is a stored XSS via the start attribute of the ms_youtube_embeds shortcode, present in all versions up to and including 2.0, due to insufficient input sanitization and output escaping. Exploitation requires authentication a...
PT-2024-39261 · WordPress · Wp Booking System – Booking Calendar
Name of the Vulnerable Software and Affected Versions: The WP Booking System – Booking Calendar plugin for WordPress versions up to, and including, 2.0.19.8 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate...
PT-2023-6335 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.1 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...
多款 ZITADEL 产品 安全漏洞
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from a lack of authorization checks, where Actions is abl...