119 matches found
PT-2025-16376 · Hcl · Hcl Bigfix Web Reports
Name of the Vulnerable Software and Affected Versions: HCL BigFix Web Reports affected versions not specified Description: The issue is related to a potentially weak validation of user input, which might make HCL BigFix Web Reports subject to a Stored Cross-Site Scripting XSS attack...
The vulnerability of the modTMSM component in the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the modTMSM component in the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
WordPress plugin Subscriptions & Memberships for PayPal 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
PT-2025-7306 · Phpjabbers · Phpjabbers Shared Asset Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Shared Asset Booking System version 1.0 Description: The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation in the...
WordPress plugin WP Foodbakery 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress plugin WordPress Contact Forms by Cimatti 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Contact Forms by Cimatti 1.9.2 and earlier versio...
PT-2024-39947
Name of the Vulnerable Software and Affected Versions Wux Blog Editor plugin for WordPress versions up to and including 3.0.0 Description The Wux Blog Editor plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the wuxbt insertImageNew...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...
PT-2024-23607 · Unknown · Ros Kinetic Kame
Name of the Vulnerable Software and Affected Versions: ROS Kinetic Kame affected versions not specified Description: The issue is related to an arbitrary file upload vulnerability due to insufficient file upload validation. Recommendations: At the moment, there is no information about a newer...
libreoffice: Insufficient macro permission validation leading to macro execution
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
PublicCMS 跨站请求伪造漏洞
PublicCMS is a content management system. A cross-site request forgery vulnerability exists in PubliCMS version 4.0.202302.e. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. The vulnerability can be exploited to forge ...
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'singlefileupload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2023-1514
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA, allowing the client to validate th...
WordPress Plugin Essential Real Estate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-49058
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...
PT-2023-32670 · WordPress · Contact Form 7
Name of the Vulnerable Software and Affected Versions: Contact Form 7 versions up to, and including, 5.8.3 Description: The issue arises from insufficient file type validation in the validate function and insufficient blocklisting on the wpcf7 antiscript file name function. This allows...
CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...
CVE-2023-4915
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...
The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye code-searching and comparing tool, allows a hacker to perform an SSRF attack.
The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye tool for code search and comparison, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...