11 matches found
CVE-2025-60837
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...
CVE-2025-57954
CVE-2025-57954 is a valid cross-site scripting vulnerability in Poll Maker (WordPress plugin) that is DOM-based/XSS. Connected docs confirm affected software and technical details: Poll Maker versions up to 6.0.2 are vulnerable to a Stored Cross-Site Scripting (Authenticated) via input handling d...
PT-2024-11730 · Unknown · Geowebserver +1
Name of the Vulnerable Software and Affected Versions: GV-ASManager version 6.0.1.0 Description: The issue is related to a Local File Inclusion vulnerability in GeoWebServer via Path. This vulnerability is present in the specified version of GV-ASManager. Recommendations: For GV-ASManager version...
CVE-2022-30544
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
PT-2021-22565 · Gnome +2 · Gnome Libgda +2
Name of the Vulnerable Software and Affected Versions: GNOME libgda versions prior to 6.0.1 Description: The issue is related to the failure to enable TLS certificate verification on the SoupSessionSync objects created in gda-web-provider.c, making users susceptible to network man-in-the-middle...
CVE-2020-1723
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0...
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...
DamiCMS Arbitrary File Read Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A security vulnerability exists in DamiCMS version 6.0.1. A remote attacker can exploit the vulnerability by sending a specially crafted request to admin.php?s=Tpl/Add/id to read arbitrary files...
CVE-2016-6411
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...
Multiple Cross-Site Scripting Vulnerabilities in Cisco FireSIGHT Management Center
Cisco FireSIGHT Management Center is management center software from the US company Cisco that supports centralized management of the network security and operational functions of Cisco ASA with FirePOWER Services and Cisco FirePOWER network security appliances. Multiple...