4565 matches found
CVE-2025-47512
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal. This issue affects Tainacan: from n/a through <= 0.21.14...
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2025-47558
MapSVG (WordPress plugin) is affected by CVE-2025-47558: a Missing Authorization vulnerability in MapSVG versions up to and including 8.6.12 allows accessing functionality not constrained by ACLs. The issue is caused by broken access control and could enable unauthorized access to certain feature...
CVE-2025-24746
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS. This issue affects Popup Maker: from n/a through <= 1.20.2...
CVE-2025-24698
Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through <= 5.1.8...
CVE-2025-22578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aazztech WP Cookie wp-cookie allows Stored XSS. This issue affects WP Cookie: from n/a through <= 1.0.0...
CVE-2024-5005
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...
CVE-2024-44036
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...
CVE-2024-6502
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...
CVE-2024-38715
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion. This issue affects ExS Widgets: from n/a through 0.3.1...
CVE-2024-31104
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS. This issue affects GetResponse for WordPress: from n/a through 5.5.33...
CVE-2024-25903
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-6329
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
CVE-2024-24804
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6...
CVE-2024-56001
Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through <= 1.1.1...
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174...
CVE-2024-47911
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...
CVE-2024-31399
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition...
CVE-2024-35169
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks. This issue affects All Bootstrap Blocks: from n/a through <= 1.3.15...
CVE-2024-50521
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Alley Elementor Widget alley-elementor-widget allows DOM-Based XSS. This issue affects Alley Elementor Widget: from n/a through <= 1.0.7...