5 matches found
CVE-2026-11561 SSTI in Soagen Informatics' Apinizer
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...
UBUNTU-CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability
CSRF leading to Cross Site Scripting (XSS) vulnerability discovered by thiennv (Patchstack Alliance) in WordPress Plugin Tax Rate Upload (versions <= 2.4.5)...
QNAP Systems Photo Station authorization issue vulnerability
QNAP Systems Photo Station is a photo management and viewing application from China Wizards Connect QNAP Systems. An authorization issue vulnerability exists in QNAP Systems Photo Station versions prior to 6.0.20, 5.7.16, and 4.5.13, which stems from an error when processing authentication...
CVE-2015-5035
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036...