CVE-2024-0837

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

CVE-2024-2795

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

CVE-2024-9058

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

CVE-2023-52121

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-0585

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above...

CVE-2023-0586

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...

CVE-2023-45376

In the module "Carousels Pack - Instagram, Products, Brands, Supplier" hicarouselspack for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct...

CVE-2023-5917

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...

CVE-2023-5741

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-51528

Cross-Site Request Forgery CSRF vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12...

CVE-2023-33997

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Robin Wilson bbp style pack plugin = 5.5.5 versions...

CVE-2023-20036

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

CVE-2022-1602

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 SP8. The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 SP9. HP has released Service Pack 10 SP10 to remediate the potential vulnerability introduced in SP8...

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

CVE-2021-29220

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack versions: Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE ha...

CVE-2021-24430

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

CVE-2021-35601

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft component: Students Administration. Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segmen...

CVE-2021-29212

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality,...

CVE-2021-26583

A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution...