7879 matches found

WPVulnDB
added 2023/01/27 12:0 a.m. | 13 views

TinyMCE Custom Styles < 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/27 12:0 a.m. | 13 views

Namaste! LMS < 2.5.9.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/27 12:0 a.m. | 18 views

VikBooking Hotel Booking Engine & PMS < 1.5.12 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2023/01/27 12:0 a.m. | 3 views

The vulnerability of the Setup sub-component of the Oracle Learning Management component in the Oracle E-Business Suite allows a perpetrator to manipulate data.

The vulnerability of the Setup sub-component of the Oracle Learning Management component in the Oracle E-Business Suite system relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to manipulate data remotely...

CVSS 7.8 | AI score 7.3 | EPSS 0.00517
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2023/01/23 5:15 p.m. | 2 views

CVE-2022-3430

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...

CVSS 6.7 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 1

NVD
added 2023/01/23 5:15 p.m. | 29 views

CVE-2022-3430

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...

CVSS 6.7 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 1

Prion
added 2023/01/23 5:15 p.m. | 18 views

Design/Logic Flaw

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...

CVSS 4 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 44

CVE
added 2023/01/23 4:11 p.m. | 71 views

CVE-2022-3430

Summary (CVE-2022-3430) : The vulnerability concerns the Lenovo WMI Setup driver on Lenovo Notebook devices. It could let an attacker with elevated privileges modify the Secure Boot setting by changing an NVRAM variable. The PT-2022-6630 entry notes the issue relates to errors in using standard p...

CVSS 6.7 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/01/23 4:11 p.m. | 33 views

CVE-2022-3430

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...

CVSS 6.7 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 1

OSV
added 2023/01/23 3:15 p.m. | 4 views

CVE-2023-24096

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 1

CNNVD
added 2023/01/23 12:0 a.m. | 4 views

TRENDnet TEW-820AP Buffer Error Vulnerability

The TRENDnet TEW-820AP is a router from TRENDnet. A security vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, which stems from the discovery of a stack overflow vulnerability via the newpass parameter of /formPasswordSetup. An attacker could exploit the vulnerability to...

CVSS 8.8 | AI score 8.5 | EPSS 0.01039
Exploits: 1 | References: 2

WPVulnDB
added 2023/01/20 12:0 a.m. | 26 views

VikRentCar < 1.3.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/20 12:0 a.m. | 16 views

Conversational Forms for ChatBot < 1.1.7 - Admin+ Stored XSS

The plugin does not sanitise and escape a form name, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/20 12:0 a.m. | 18 views

MailOptin 1.2.54.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/19 12:0 a.m. | 18 views

3com Asesor de Cookies <= 3.4.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 | AI score 4.7 | EPSS 0.00392
Exploits: 0

WPVulnDB
added 2023/01/19 12:0 a.m. | 18 views

WP eBay Product Feeds < 3.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2023/01/19 12:0 a.m. | 13 views

Interactive Polish Map < 1.2.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.9 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

OSV
added 2023/01/18 12:15 a.m. | 2 views

CVE-2023-21852

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: Setup. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management...

CVSS 7.5 | AI score 7.2 | EPSS 0.00517
Exploits: 0 | References: 1

NVD
added 2023/01/18 12:15 a.m. | 16 views

CVE-2023-21852

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: Setup. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management...

CVSS 7.5 | AI score 7 | EPSS 0.00517
Exploits: 0 | References: 1

Prion
added 2023/01/18 12:15 a.m. | 20 views

Design/Logic Flaw

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: Setup. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management...

CVSS 5 | AI score 7.3 | EPSS 0.00517
Exploits: 0 | References: 1 | Affected Software: 1