20 matches found
EUVD-2026-3824
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...
EUVD-2026-2257
Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2026-1347
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...
EUVD-2026-1064
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...
EUVD-2026-0199
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-38363
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafarajax' function. This makes it possible for authenticated...
Cross-site Scripting (XSS)
Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-16593
Malicious code in bioql PyPI...
EUVD-2025-15248
Malicious code in bioql PyPI...
bd.thesciencejob.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-973199 Security Researcher garletmarco Helped patch 1540 vulnerabilities Received 4 Coordinated Disclosure badges , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting bd.thesciencejob.com website and its users. Followi...
danfessler.com XSS vulnerability
Vulnerable URL: http://danfessler.com/blog.php?id=%3Csvg/onload=alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017 Latest check for patch:| 26.11.2017 14:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1786954 VIP website...
Microsoft Internet Explorer Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Recent...
yxcms各处存在xss可getshell
简要描述: 求审核啊,乌云是不是不重视xss了,可是这是通用性哟。而且也不是弹窗啊,getshell利用方法都给各位想好了…… 详细说明: 不知为何之前提交的一个投稿处的xss一直不审核。是不是要注册会员过于鸡肋,反正这网站各种xss,我干脆一起提交了吧。 1.文章评论处xss,需要改包,无需登录:alertdocument.cookie 2.留言板处xss,无需登录:alertdocument.cookie 3.用户管理处xss,需要改包:alertdocument.cookie 利用方法: 外连如下javascript: $document.readyfunction var cod...
2
Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Text Te...
MS:D9227B98-E402-48F8-BADF-E72F13B40A56
...
MS:561FC498-3CFC-4F55-ACBC-B054BABBE9F8
...
Office 2013 1042
Office 2013 1042...