CVE-2025-64184
CVE-2025-64184 affects Dosage up to version 3.1. The vulnerability arises because, while the basename is sanitized, the HTTP Content-Type header is used to derive the file extension when constructing target file names during image downloads, enabling a remote attacker (or MitM over HTTP) to cause...
WordPress Advanced Sermons Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Sermons; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: 3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29928; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: bc2c7d256317; Credits: Dhabaleshwar Das; Required privilege...
PYSEC-2023-113
Products.CMFCore provides the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin < 3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Posts List Designer by Category – List Category Posts Or Recent Posts; Type: Plugin; Vulnerable versions: < 3.2; Fixed in: 3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4749; Patch priority: Medium; CVSS severity: Medium (6.5)...