
Snyk
added 2025/03/05 7:3 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the rex-api-result parameter. An attacker can execute arbitrary scripts in the context of the user's browser session by crafting a malicious URL that injects JavaScript into the web page. Details...

CVSS 6.1 · AI score 5.5 · EPSS 0.00266
Exploits 1 · References 2
BDU FSTEC
added 2025/03/03 12:0 a.m. · 3 views

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability of the application programming interface of the Cisco Identity Services Engine (ISE) management platform relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to da...

CVSS 7.5 · AI score 5.5 · EPSS 0.00526
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2025/03/03 12:0 a.m. · 3 views

The vulnerability in the application software interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to upload files and gain access to read, modify, or delete data.

The vulnerability of the application programming interface of the Cisco Identity Services Engine (ISE) management platform is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to upload files and gain read,...

CVSS 7.5 · AI score 5.5 · EPSS 0.00526
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2025/02/27 11:20 p.m. · 4 views

WordPress RateMyAgent Official plugin <= 1.4.0 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Dhabaleshwar Das in WordPress Plugin RateMyAgent Official versions <= 1.4.0...

CVSS 4.3 · AI score 7 · EPSS 0.00172
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2025/02/27 6:30 a.m. · 1 view

Incorrect Authorization

Overview: org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...

CVSS 6.3 · AI score 7 · EPSS 0.00222
Exploits 0 · References 2
OSV
added 2025/02/26 9:15 p.m. · 8 views

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model...

CVSS 9.1 · AI score 5.8 · EPSS 0.00454
Exploits 0 · References 1
PyPA
added 2025/02/26 7:26 p.m. · 7 views

When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score 6.7
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/02/23 12:0 a.m. · 4 views

PT-2025-7660 · Sourcecodester · Sourcecodester Best Church Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.0. Description: A critical vulnerability was found in the software, affecting an unknown functionality of the file /admin/app/asset crud.php. The manipulation of the photo1 argument lead...

CVSS 9.8 · AI score 6.5 · EPSS 0.00611
Exploits 1 · References 12
CNNVD
added 2025/02/14 12:0 a.m. · 1 view

RupeeWeb security vulnerability

Rupeeseed RupeeWeb is a state-of-the-art web-based trading platform from Rupeeseed India. RupeeWeb suffers from a security vulnerability that stems from insufficient API endpoint privilege controls, allowing an authenticated, remote attacker to modify information on other user accounts...

CVSS 7.4 · AI score 6.6 · EPSS 0.00435
Exploits 0 · References 2
OSV
added 2025/02/11 6:15 p.m. · 5 views

CVE-2025-21351

Windows Active Directory Domain Services API Denial of Service Vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.02196
Exploits 0 · References 1
RedhatCVE
added 2025/02/07 6:49 p.m. · 6 views

CVE-2025-23413

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7 · AI score 6.3 · EPSS 0.00152
Exploits 0 · References 3
RedHat Linux
added 2025/02/06 11:52 a.m. · 4 views

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.00432
Exploits 0 · References 10
RedHat Linux
added 2025/02/06 11:31 a.m. · 4 views

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.00432
Exploits 0 · References 10
OSV
added 2025/02/05 5:15 p.m. · 2 views

CVE-2025-20124

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

CVSS 7.2 · AI score 7.8
Exploits 0 · References 1
OSV
added 2025/02/05 4:24 a.m. · 2 views

USN-7252-1 openjdk-lts vulnerability

It was discovered that the Hotspot component of OpenJDK 11 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...

CVSS 4.8 · AI score 6.7 · EPSS 0.00971
Exploits 0 · References 2
CNNVD
added 2025/02/05 12:0 a.m. · 4 views

F5 BIG-IP Next Central Manager log information disclosure vulnerability

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A log information disclosure vulnerability exists in F5 BIG-IP Next Central Manager, which originates from the possibility of recording sensitive information in log files when a user logs in using local authentication via the...

CVSS 6.7 · AI score 5.9 · EPSS 0.00152
Exploits 0 · References 2
CNNVD
added 2025/02/04 12:0 a.m. · 3 views

WordPress plugin Sensei LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 5.3 · AI score 8.1 · EPSS 0.0037
Exploits 1 · References 2
ATTACKERKB
added 2025/01/30 4:15 p.m. · 0 views

CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user...

CVSS 5.4 · AI score 7.4 · EPSS 0.00306
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/01/28 12:0 a.m. · 3 views

Scale security vulnerability

Scale is an open source work, project and task management platform with more than 30 features from the individual developers at pankajindevops. A security vulnerability exists in Scale 20241113 and prior versions that stems from improper access control in the component API Endpoint...

CVSS 6.5 · AI score 6.5 · EPSS 0.00294
Exploits 0 · References 5
Patchstack
added 2025/01/27 7:48 a.m. · 3 views

WordPress Flexmls® IDX Plugin plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability discovered by 1337Wannabe in WordPress Plugin Flexmls® IDX versions <= 3.14.26...

CVSS 6.4 · AI score 5.8 · EPSS 0.00306
Exploits 0 · References 1 · Affected Software 1