CVE-2024-37486

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5...

WordPress plugin Alex Reservations 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress plugin VForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-23664

Cross-Site Request Forgery CSRF vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through = 2.0.5...

WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MemeOne versions = 2.0.5...

CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by minhtuanact Patchstack Alliance in WordPress Plugin Persian Woocommerce SMS versions = 7.0.5...

cross-spawn 安全漏洞

cross-spawn is an open source library from MOXY. A security vulnerability exists in cross-spawn versions prior to 7.0.5, which stems from improper input cleanup and is vulnerable to a regular expression denial of service attack...

CVE-2024-48232

An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...

CVE-2024-46261

cutepng v1.05 was discovered to contain a heap buffer overflow via the cpmake32 function at cutepng.h...

WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Automatically Hierarchic Categories in Menu versions = 2.0.5...

CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05...

Cervantes 安全漏洞

Cervantes is an open source collaboration platform designed for Pentester and Red Teams by Cervantes Open Source. A security vulnerability exists in Cervantes 0.5-alpha and earlier versions that stems from the presence of a stored cross-site scripting vulnerability...

Suricata security breach

Suricata is a suite of network intrusion detection systems IDS, intrusion prevention systems IPS, and network security monitoring engines developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

CVE-2024-35688

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.9...

CVE-2024-36388

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

DEBIAN-CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

Suricata 安全漏洞

Suricata is a suite of network Intrusion Detection Systems IDS, Intrusion Prevention Systems IPS, and network security monitoring engines developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

PT-2024-29390

Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. Recommendation...