101 matches found
EUVD-2023-28035
Malicious code in bioql PyPI...
PYSEC-2025-96
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...
CVE-2024-20537
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
Cisco Identity Services Engine security vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco (USA). The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. The Cisco Identit...
PT-2024-31948 · Sourcecodester · Sourcecodester Online Medicine Ordering System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Medicine Ordering System version 1.0 Description: The issue is related to Incorrect Access Control, where there is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level...
CVE-2024-34716
PrestaShop CVE-2024-34716 is an XSS flaw affecting 8.1.0–8.1.5 when the customer-thread feature flag is enabled. An attacker can upload a malicious file via the front-office contact form and trigger script execution when an admin opens the attachment in back office, potentially leaking session dat...
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin = 1.0.2.2 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nigauri Insert Estimated Reading Time plugin = 1.2 versions...
CVE-2023-40665
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin = 2.16.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.8 versions...
CVE-2023-27622 WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jeffrey-WP Media Library Categories plugin = 2.0.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Visualmodo Borderless plugin = 1.4.8 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Elastic Email Sender plugin = 1.2.6 versions...
CVE-2023-34011
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in ShopConstruct plugin = 1.1.2 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in gsmith Cookie Monster plugin = 1.51 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pradeep Singh Dynamically Register Sidebars plugin = 1.0.1 versions...