259249 matches found
Pretty Url <= 1.5.4 - Cross-Site Scripting
Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2009 info: name: Pretty Url = 1.5.4 -...
SAP Internet Graphics Server (IGS) - XML External Entity Injection
SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to...
Processwire CMS <2.7.1 - Local File Inclusion
Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...
QNAP Photo Station < 6.0.3 - Remote Code Execution
QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...
Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24934 info: name: Visual CSS Style Editor 7.5.4 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The...
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...
Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. id: CVE-2017-18496 info: name: Htaccess by BestWebSoft 1.7.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. impact: |...
CVE-2026-55599 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-R42M-J2MW-2QF9 vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-Q972-3FGV-WCHC vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-MRF2-HC9C-229V vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-JMMV-2HP7-P7G5 vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-HXXH-4JR7-W99W vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-FCW9-VWJP-9J4V vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-FGXJ-VFG7-CPQQ vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-86VM-VP8G-7929 vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-7MF5-PGQ8-JHCP vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-6V4W-QF8X-8HJM vulnerabilities
Vulnerabilities for packages: linux-gcp...
GHSA-5XJR-H8MP-CHFC vulnerabilities
Vulnerabilities for packages: linux-gcp...