Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user’s web browser. More information : https://jvn.jp/en/jp/JVN20611740/
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling...
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks More information : https://wpscan.com/vulnerability/88a99f9d-dc7f-4c04-8734-77295c8656bf/
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This...
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target...
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target...
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target...
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported...
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where...
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to...
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59500
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or...
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question. More...