Ugrás a tartalomra

Riasztások

2025. feb. 24.

NA - CVE-2025-27352 - Improper Neutralization of Input During Web...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team ???????? allows Stored XSS. This issue affects ????????: from n/a through...
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-27353 - Cross-Site Request Forgery (CSRF) vulnerability...

Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.5.
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-27355 - Cross-Site Request Forgery (CSRF) vulnerability...

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0.
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-27356 - Missing Authorization vulnerability in Hardik...

Missing Authorization vulnerability in Hardik Sticky Header On Scroll allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header On Scroll: from n/a...
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-27357 - Cross-Site Request Forgery (CSRF) vulnerability...

Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazi Link allows Cross Site Request Forgery. This issue affects Önceki Yazi Link: from n/a through 1.3.
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2024-56897 - Improper access control in the HTTP server in...

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to...
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-25460 - A stored Cross-Site Scripting (XSS)...

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript...
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-26803 - The http parser in Phusion Passenger 6.0.21...

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-22495 - An improper input validation vulnerability was...

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability...
security-database.com
Tovább
2025. feb. 24.

NA - CVE-2025-26200 - SQL injection in SLIMS v.9.6.1 allows a remote...

SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.
security-database.com
Tovább
Nyelv