255296 matches found
GHSA-8JVR-397X-XQH9 vulnerabilities
Vulnerabilities for packages: python...
GHSA-RJFV-PJVX-MJGV vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller...
SAP Internet Graphics Server (IGS) - XML External Entity Injection
SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 have two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to...
Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. id: CVE-2021-24934 info: name: Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The...
Processwire CMS <2.7.1 - Local File Inclusion
Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS <2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...
Revive Adserver 4.2 - Remote Code Execution
Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...
Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. id: CVE-2017-18496 info: name: Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. impact: |...
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...
Pretty Url <= 1.5.4 - Cross-Site Scripting
The plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). id: CVE-2023-2009 info: name: Pretty Url <= 1.5.4 -...
GHSA-CP6G-7HQX-QXHP vulnerabilities
Vulnerabilities for packages: tempo-fips, virt-api-fips, loki-fips, grafana-mimir, google-cloud-otel-ops-collector, bento-fips, loki, cilium-fips, external-secrets-operator-fips, ory-kratos, trident-fips, dapr-fips, vault, vcluster-fips, amazon-cloudwatch-agent-fips, packer-fips, tbot,...
GHSA-8988-4F7V-96QF vulnerabilities
Vulnerabilities for packages: renovate...
GHSA-MQQF-5WVP-8FH8 vulnerabilities
Vulnerabilities for packages: fleet-server-fips...
GHSA-992Q-W5XV-32HH vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-8PXW-9C75-6W56 vulnerabilities
Vulnerabilities for packages: neuvector-scanner...
GHSA-76MC-F452-CXCM vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips...
GHSA-X4VX-RJVF-J5P4 vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips...
GHSA-RP9W-3FW7-7CWQ vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips...