CVE-2025-69111
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1.
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in the admin Permalink Manager page that will execute whenever an administrator accesses the Permalink Manager page.
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Packaged Air Conditioners (for Japan and outside Japan); Refrigerators (for Japan); Heat Pump Water Heaters / HEMS-Compatible Adapters / Wireless LAN Adapters (for Japan); Bathroom Dryer / Heater / Ventilation Systems (for Japan); Adapters for Airflow Ventilation Systems, Heat Pump Chilled / Hot Water Systems, and Ventilation / Air-Conditioning System Air Resorts (for Japan); Lossnay Central Ventilation Systems (for Japan); Smart Switches for Ventilation Fans and Lossnay (for Japan); IH Cooking Heaters (for Japan); and Rice Cookers (for Japan) allows an attacker within Wi-Fi radio range of an affected product to access the affected product using a hard-coded SSID and password, thereby obtaining device data such as operation status, room set temperature, and room temperature; changing the air-conditioner or Wi-Fi settings; or causing Wi-Fi communication to enter a denial-of-service (DoS) condition.
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.