CVE-2017-9149

Metadata Anonymisation Toolkit MAT 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted...

CVE-2019-9839

VFront 0.99.5 has Reflected XSS via the admin/menuregistri.php descrizioneg parameter or the admin/syncregtab.php azzera parameter...

CVE-2019-15864

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS...

CVE-2019-15865

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF...

CVE-2019-15842

The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS...

CVE-2018-14862

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

CVE-2011-5329

The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562...

CVE-2013-0324

Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...

CVE-2014-5382

Multiple cross-site scripting XSS vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 937 allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors...

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that...

CVE-2005-4414

Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

CVE-2025-48258

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jetmonsters Mega Menu Block getwid-megamenu allows Stored XSS.This issue affects Mega Menu Block: from n/a through = 1.0.6...

Malicious code in grammy-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 877553f9f9497ed8ae9c7207031e84315c467837dceb8b2d9b46eb2d5cc7a6ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4082 Malicious code in grammy-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 877553f9f9497ed8ae9c7207031e84315c467837dceb8b2d9b46eb2d5cc7a6ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Vasco Self-Service Portal 安全漏洞

Vasco Self-Service Portal is a self-service portal from Vasco, Inc. A security vulnerability exists in Vasco Self-Service Portal v3.14 and earlier versions, which originates from a local file inclusion in the Help menu and could lead to the disclosure of sensitive information...

PT-2025-22402

Name of the Vulnerable Software and Affected Versions Vasco versions 3.14 and earlier Description The issue allows a remote attacker to obtain sensitive information via the help menu. This is due to a Local File Inclusion vulnerability. Recommendations For versions 3.14 and earlier, consider...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

CVE-2025-48258

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jetmonsters Mega Menu Block getwid-megamenu allows Stored XSS.This issue affects Mega Menu Block: from n/a through = 1.0.6...

CVE-2025-48258

CVE-2025-48258 concerns the WordPress Mega Menu Block. The vulnerability affects Mega Menu Block versions up to 1.0.6 (1.0.0–1.0.6) and stems from improper input neutralization during web page generation, enabling a stored XSS attack. The consequence is the potential execution of arbitrary script...