3642 matches found
CVE-2023-4390
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-37743
A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box...
CVE-2023-34003
Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51...
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-23277
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...
CVE-2023-24956
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...
CVE-2023-0177
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-5817
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontextbox shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes color. This makes it possible for authenticated...
CVE-2023-32128
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in a...
CVE-2023-3862
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin = 3.4.4 versions...
CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...
CVE-2023-6591
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2023-47304
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device...
MAL-2025-4349 Malicious code in gacha-box (npm)
Source: ghsa-malware 2d266c3cc45de6b63abc8c3898219a97982b9c5b400cc714f0cd62990fc0353c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-47072
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...
CVE-2022-48330
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include: FLMG-10 versions FLMG-10 10.0.1.0H100SP22C00...
CVE-2022-4754
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2022-23391
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box...
CVE-2022-2245
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...