π¨ CVE-2023-32221
EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.
π@cveNotify
EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.
π@cveNotify
π¨ CVE-2024-3393
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
π@cveNotify
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
π@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall...
π¨ CVE-2024-8066
The File Manager Pro β Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
π@cveNotify
The File Manager Pro β Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
π@cveNotify
π¨ CVE-2025-22383
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-03
Brief Description:
A medium-severity input validation issue was discovered in the Commerce B2B application, affecting the Contact Us functionality. The vulnerability allowed visitors to send emails...
A medium-severity input validation issue was discovered in the Commerce B2B application, affecting the Contact Us functionality. The vulnerability allowed visitors to send emails...
π1
π¨ CVE-2025-22384
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-02
Brief Description:
A medium-severity issue concerning business logic was identified in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific s...
A medium-severity issue concerning business logic was identified in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific s...
π¨ CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-05
Brief Description:
For newly created accounts the Commerce B2B application did not require email confirmation. This medium-severity issue allowed the mass creation of accounts which could affect d...
For newly created accounts the Commerce B2B application did not require email confirmation. This medium-severity issue allowed the mass creation of accounts which could affect d...
π¨ CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-04
Brief Description:
A medium-severity session issue was discovered in the Commerce B2B application, affecting the longevity of active sessions in the storefront. The vulnerability allowed session to...
A medium-severity session issue was discovered in the Commerce B2B application, affecting the longevity of active sessions in the storefront. The vulnerability allowed session to...
π¨ CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-06
Brief Description:
Medium-severity issue was identified in requests for resources where the session token was submit as a URL parameter. This exposes information about the authenticated session wh...
Medium-severity issue was identified in requests for resources where the session token was submit as a URL parameter. This exposes information about the authenticated session wh...
π¨ CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-04
Brief Description:
A medium-severity session issue was discovered in the Commerce B2B application, affecting the longevity of active sessions in the storefront. The vulnerability allowed session to...
A medium-severity session issue was discovered in the Commerce B2B application, affecting the longevity of active sessions in the storefront. The vulnerability allowed session to...
π¨ CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
π@cveNotify
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
π@cveNotify
Support Help Center
Configured Commerce Security Advisory - COM-2024-06
Brief Description:
Medium-severity issue was identified in requests for resources where the session token was submit as a URL parameter. This exposes information about the authenticated session wh...
Medium-severity issue was identified in requests for resources where the session token was submit as a URL parameter. This exposes information about the authenticated session wh...
π¨ CVE-2025-22388
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.
π@cveNotify
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.
π@cveNotify
Support Help Center
Content Management System (CMS) Security Advisory - CMS-2025-01
Brief Description:
A high-severity Stored Cross-Site Scripting (XSS) vulnerability was identified in the CMS. The vulnerability allows malicious actors to inject and execute arbitrary JavaScript co...
A high-severity Stored Cross-Site Scripting (XSS) vulnerability was identified in the CMS. The vulnerability allows malicious actors to inject and execute arbitrary JavaScript co...
π¨ CVE-2025-22389
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.
π@cveNotify
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.
π@cveNotify
Support Help Center
Content Management System (CMS) Security Advisory - CMS-2025-03
Brief Description:
A medium-severity vulnerability was identified in the CMS, where the application did not properly validate uploaded files. This flaw allowed the upload of potentially malicious f...
A medium-severity vulnerability was identified in the CMS, where the application did not properly validate uploaded files. This flaw allowed the upload of potentially malicious f...
π¨ CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.
π@cveNotify
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.
π@cveNotify
Support Help Center
Content Management System (CMS) Security Advisory - CMS-2025-02
Brief Description:
A medium-severity vulnerability was identified in the CMS due to insufficient enforcement of password complexity requirements. The application permitted users to set passwords wi...
A medium-severity vulnerability was identified in the CMS due to insufficient enforcement of password complexity requirements. The application permitted users to set passwords wi...
π¨ CVE-2025-0200
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-0201
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-0202
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion.
π@cveNotify
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion.
π@cveNotify
π¨ CVE-2025-0203
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
π¨ CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.
π@cveNotify
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.
π@cveNotify
π¨ CVE-2024-11974
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βsmc_settings_tab', 'unattachfixit-action', and 'woofixit-actionβ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βsmc_settings_tab', 'unattachfixit-action', and 'woofixit-actionβ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-12047
The WP Compress β Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βcustom_serverβ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The WP Compress β Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βcustom_serverβ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-12545
The Scratch & Win β Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the pluginβs installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
The Scratch & Win β Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the pluginβs installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify