CVE-2019-16695

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used...

WordPress Product Table by WBW plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Product Table by WBW versions = 2.1.4...

CVE-2025-29779 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function...

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

RemotelyAnywhere - Default.HTML Logout Message Injection

source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters...