50 matches found

Nuclei
added 6 days ago · 71 views

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

CVSS 9.8 · AI score 7.5 · EPSS 0.87606
Exploits: 3

Vulnrichment
added 2026/03/05 5:54 a.m. · 2 views

CVE-2026-28137 WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9...

CVSS 7.1 · AI score 5.9 · EPSS 0.00045
Exploits: 0 · References: 1

ATTACKERKB
added 2026/03/05 5:54 a.m. · 4 views

CVE-2026-28137

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9...

CVSS 7.1 · AI score 5.9 · EPSS 0.00045
Exploits: 0 · References: 2

CNNVD
added 2026/03/05 12:00 a.m. · 3 views

WordPress plugin MediCenter security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

CVSS 7.1 · AI score 5.7 · EPSS 0.00045
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-1273

Malicious code in bioql PyPI...

CVSS 9 · AI score 5.6 · EPSS 0.04422
Exploits: 1 · References: 7

Tenable Nessus
added 2025/08/20 12:00 a.m. · 6 views

ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...

CVSS 8.1 · AI score 5.6 · EPSS 0.00061
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive...

CVSS 6.5 · AI score 6.4 · EPSS 0.0033
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 5:38 a.m. · 1 view

CVE-2023-26478

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...

CVSS 8.1 · AI score 6.8 · EPSS 0.04616
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 11:29 p.m. · 3 views

CVE-2022-1189

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project...

CVSS 4.3 · AI score 6.7 · EPSS 0.00219
Exploits: 0 · References: 1

OpenVAS
added 2023/08/14 12:00 a.m. · 11 views

PostgreSQL 11.x < 11.21, 12.x < 12.16, 13.x < 13.12, 14.x < 14.9, 15.x < 15.4 SQLi Vulnerability - Windows

PostgreSQL is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:postgresql:postgresql...

CVSS 8.8 · AI score 8.1 · EPSS 0.00659
Exploits: 0 · References: 2

Prion
added 2023/07/25 6:15 p.m. · 9 views

Design/Logic Flaw

Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" visible in the kanban and P...

CVSS 4.9 · AI score 5.7 · EPSS 0.00723
Exploits: 0 · References: 4 · Affected Software: 1

OpenVAS
added 2023/07/13 12:00 a.m. · 11 views

XWiki 3.0-milestone-1 < 14.9 XSS Vulnerability (GHSA-cmvg-w72j-7phx)

Xwiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki";...

CVSS 9 · AI score 6 · EPSS 0.04422
Exploits: 1 · References: 1

Positive Technologies
added 2023/06/20 12:00 a.m. · 1 view

PT-2023-4813 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 2.40m-2 through 14.4.7; XWiki Platform versions 2.40m-2 through 14.10.3; XWiki Platform versions 2.40m-2 through 14.9.x. Description: The issue is related to the lack of measures to neutralize instructions in dynamically...

CVSS 9.9 · AI score 8.1 · EPSS 0.34627
Exploits: 1 · References: 15

CNNVD
added 2023/05/28 12:00 a.m. · 1 view

WordPress plugin Yoast Local SEO cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 6.5 · EPSS 0.00198
Exploits: 0 · References: 2

Patchstack
added 2023/05/24 12:00 a.m. · 9 views

WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)

Software: Yoast SEO: Local; Type: Plugin; Vulnerable versions: <= 14.9; Fixed in: 15.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28785; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 24eda6213577; Credits: Rafie Muhammad Patchstac...

CVSS 6.5 · AI score 5.7 · EPSS 0.00198
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2023/05/09 12:00 a.m. · 9 views

WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)

Software: Yoast SEO: Local; Type: Plugin; Vulnerable versions: <= 14.8; Fixed in: 14.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32300; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 28e5acd1438d; Credits: Rafie Muhammad...

CVSS 7.1 · AI score 5.6 · EPSS 0.00088
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/04/15 3:48 p.m. · 14 views

CVE-2023-29207 Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

CVSS 8.9 · AI score 9.4 · EPSS 0.1765
Exploits: 1 · References: 3

Cvelist
added 2023/04/15 3:41 p.m. · 13 views

CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...

CVSS 9 · AI score 9.3 · EPSS 0.04422
Exploits: 1 · References: 5

Github Security Blog
added 2023/04/12 8:38 p.m. · 19 views

org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins

Impact: There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate...

CVSS 9 · AI score 5.5 · EPSS 0.04422
Exploits: 1 · References: 7 · Affected Software: 1

Positive Technologies
added 2023/04/12 12:00 a.m. · 1 view

PT-2023-22203 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.9-rc-1. Description: The issue arises from the lack of checks on the author of a JavaScript xobject or StyleSheet xobject added to a XWiki document. This allowed a user with only Edit Right to create such an object a...

CVSS 9 · AI score 5.2 · EPSS 0.04422
Exploits: 1 · References: 11