
13 matches found

EUVD
added 2025/10/23 3:56 a.m. | 4 views

EUVD-2025-35658

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS | 6.4 AI score | 0.00334 EPSS
Exploits 0 | References 2

Cvelist
added 2025/10/23 3:56 a.m. | 4 views

CVE-2025-12104 Incorrect Content-Type Header

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS | 0.00334 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 4:58 a.m. | 4 views

CVE-2024-10108

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2 CVSS | 6.1 AI score | 0.01995 EPSS
Exploits 0 | References 1

Github Security Blog
added 2024/08/22 5:18 p.m. | 12 views

memos CORS Misconfiguration in server.go (GHSL-2024-034)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1 CVSS | 6.5 AI score | 0.00192 EPSS
Exploits 1 | References 5 | Affected Software 1

OSV
added 2024/08/22 5:18 p.m. | 9 views

GHSA-P4FX-QF2H-JPMJ memos CORS Misconfiguration in server.go (GHSL-2024-034)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.6 CVSS | 7.7 AI score | 0.00192 EPSS
Exploits 1 | References 5

Cvelist
added 2024/08/20 7:54 p.m. | 19 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1 CVSS | 0.00192 EPSS
Exploits 1 | References 3

OSV
added 2024/08/20 7:54 p.m. | 7 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1 CVSS | 6.3 AI score | 0.00192 EPSS
Exploits 1 | References 5

vulnersOsv
added 2022/08/06 5:46 a.m. | 0 views

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

7.1 CVSS | 6.7 AI score | 0.00442 EPSS
Exploits 0

Hacker One
added 2021/01/28 1:11 p.m. | 21 views

New Relic: Account Takeover via Email ID Change and Forgot Password Functionality

@dsdh discovered an issue with the email change flow, where emails would be sent to the new email address prior to that address being verified. An attacker could have abused this issue to access vulnerable user accounts...

4.1 AI score
Exploits 0

WPVulnDB
added 2020/03/27 12:0 a.m. | 4 views

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. PoC A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then...

1.1 AI score
Exploits 0 | References 1 | Affected Software 1

Saint
added 2015/09/15 12:0 a.m. | 36 views

Windows Media Center command execution

Added: 09/15/2015 CVE: CVE-2015-2509 Background Windows Media Center is software for watching DVDs and TV channels on Windows systems. Problem A vulnerability in Windows Media Center could allow command execution when a user opens an .mcl file which references an executable file supplied by an...

9.3 CVSS | 8.3 AI score | 0.87937 EPSS
Exploits 12

Saint
added 2013/08/22 12:0 a.m. | 34 views

Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013 CVE: CVE-2013-1690 BID: 60778 OSVDB: 94584 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability is triggered when handling onreadystatechange events and Event or Page reloads at t...

9.3 CVSS | 9.2 AI score | 0.47055 EPSS
Exploits 9

Symantec
added 2006/02/14 12:0 a.m. | 11 views

Microsoft Windows Media Player Bitmap Handling Buffer Overflow Vulnerability

Description Microsoft Windows Media Player is prone to a remote buffer-overflow vulnerability. The vulnerability arises when the application handles a skin file containing a specially crafted bitmap image. This issue can also be triggered by just supplying a malicious bitmap to the application...

8.1 AI score
Exploits 0 | References 2 | Affected Software 5