
23 matches found

Nuclei
added yesterday, 15 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via the href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

CVSS 6.5 | AI score 6.3 | EPSS 0.00907
Exploits: 1 | References: 1
Nuclei
added yesterday, 5 views

Privacy Policy Genius - Cross-Site Scripting

Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting vulnerability caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high-privilege users; exploitation requires the attacker to craft a malicious URL. id: CVE-2024-13219...

CVSS 6.1 | AI score 7.2 | EPSS 0.01546
Exploits: 1 | References: 2
Rosalinux
added 2026/03/22 9:30 p.m., 7 views

Advisory ROSA-SA-2026-3249

software: vim 9.1.2148 OS: ROSA-CHROME unaffected versions = vim-9.1.2148-1 affected versions vim-9.1.2148-1 CVE-ID: CVE-2026-25749 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Heap overflow in Vim before version 9.1.2132 when processing the 'helpfile' option. In gettagfname src/tag.c, the value of...

CVSS 6.6 | AI score 6 | EPSS 0.00006
Exploits: 1
Rosalinux
added 2026/02/16 12:24 p.m., 5 views

Advisory ROSA-SA-2026-3190

Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library is...

CVSS 6.5 | AI score 6.3 | EPSS 0.01328
Exploits: 2
Nginx
added 2026/02/04 3:2 p.m., 797 views

SSL upstream injection

SSL upstream injection Severity: medium CVE-2026-1642 Not vulnerable: 1.29.5+, 1.28.2+ Vulnerable: 1.3.0-1.29.4...

CVSS 8.2 | AI score 5.3 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1
Rosalinux
added 2025/08/06 8:30 a.m., 3 views

Advisory ROSA-SA-2025-2924

software: qt5-qtbase 5.15.16 OS: ROSA-CHROME unaffected versions = qt5-qtbase-5.15.16-3 affected versions qt5-qtbase-5.15.16-3 CVE-ID: CVE-2025-30348 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in QDom allows a remote attacker to execute a complex algorithm involving copying XML...

CVSS 5.8 | AI score 6.5 | EPSS 0.00042
Exploits: 0
Patchstack
added 2025/07/17 11:15 a.m., 12 views

WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin FoodMenu versions <= 1.20...

CVSS 7.1 | AI score 6 | EPSS 0.00051
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/07/07 11:56 a.m., 3 views

WordPress Infility Global plugin <= 2.13.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by astra.r3verii in WordPress Plugin Infility Global versions <= 2.13.4...

CVSS 7.1 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/26 11:56 a.m., 4 views

WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Content Manager Light versions <= 3.2...

CVSS 7.1 | AI score 5.9 | EPSS 0.00185
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/12 12:3 p.m., 5 views

WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP VR versions <= 8.5.26...

CVSS 9.9 | AI score 6.7 | EPSS 0.0032
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/29 12:23 p.m., 3 views

WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Syndicate Out versions <= 0.9...

CVSS 7.1 | AI score 7.7 | EPSS 0.00185
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/11 12:16 p.m., 4 views

WordPress WP Featured Screenshot Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Featured Screenshot versions <= 1.3...

CVSS 7.1 | AI score 6.9 | EPSS 0.01109
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/10 12:23 p.m., 3 views

WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin FS Poster versions <= 6.5.8...

CVSS 7.1 | AI score 6.9 | EPSS 0.00257
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/10 9:38 a.m., 3 views

WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k in WordPress Plugin Stop Registration Spam versions <= 1.24...

CVSS 7.1 | AI score 6.9 | EPSS 0.00669
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/10 9:20 a.m., 3 views

WordPress UXsniff Plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UXsniff versions <= 1.3.1...

CVSS 7.1 | AI score 6.9 | EPSS 0.00219
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/04/04 9:19 a.m., 2 views

WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Easy Contact versions <= 0.1.2...

CVSS 7.1 | AI score 7 | EPSS 0.00257
Exploits: 0 | Affected Software: 1
Rosalinux
added 2025/03/08 9:19 p.m., 13 views

Advisory ROSA-SA-2025-2765

Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...

CVSS 7.8 | AI score 8.1 | EPSS 0.0057
Exploits: 0
Rosalinux
added 2025/01/27 8:3 a.m., 14 views

Advisory ROSA-SA-2025-2570

software: php 7.4.33 OS: ROSA-CHROME packageevrstring: php-7.4.33-11 CVE-ID: CVE-2022-4900 BDU-ID: 2023-02666 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the phpcliserverstartupworkers sapi/cli/phpcliserver.c function of the PHP programming language interpreter is related to an operation...

CVSS 6.2 | AI score 6.9 | EPSS 0.00065
Exploits: 0
SUSE CVE
added 2024/02/22 3:5 a.m., 1 views

SUSE CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 8.5 | EPSS 0.00077
Exploits: 0 | References: 4
ossfuzz
added 2020/01/16 1:4 a.m., 11 views

open62541:fuzz_json_decode: Use-of-uninitialized-value in jumpOverRec

Detailed Report: https://oss-fuzz.com/testcase?key=5769092627955712 Project: open62541 Fuzzing Engine: libFuzzer Fuzz Target: fuzzjsondecode Job Type: libfuzzermsanopen62541 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: jumpOverRec jumpOverRec jumpOverRec...

AI score 6.4
Exploits: 0 | Affected Software: 1