Latest CVE Feed
-
6.6
MEDIUMCVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web... Read more
Affected Products : wing_ftp_server- Published: Jul. 10, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.... Read more
Affected Products : wing_ftp_server- Published: Jul. 10, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Information Disclosure
-
8.0
HIGHCVE-2025-28243
An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.... Read more
Affected Products : alteryx_server- Published: Jul. 10, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-5530
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on us... Read more
Affected Products : wpc_smart_compare_for_woocommerce- Published: Jul. 11, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-6068
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and i... Read more
Affected Products : foogallery- Published: Jul. 11, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-6851
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for u... Read more
Affected Products : broken_link_notifier- Published: Jul. 11, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2022-47393
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
6.5
MEDIUMCVE-2022-47392
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condi... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
7.5
HIGHCVE-2022-47391
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47390
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47389
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47388
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47387
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory ov... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47386
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47385
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47384
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory ov... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47383
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory o... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47382
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory ov... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47381
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code exe... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025
-
8.8
HIGHCVE-2022-47380
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code ex... Read more
- Published: May. 15, 2023
- Modified: Jul. 17, 2025