CVE-2025-68863
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS. This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...
EUVD-2025-4031
Malicious code in bioql PyPI...
PT-2025-5930 · Unknown · Zack Katz Links In Captions
Name of the Vulnerable Software and Affected Versions: Zack Katz Links in Captions versions n/a through 1.2. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject...
CVE-2024-51761 WordPress WPHelpful plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zackgilbert WPHelpful wphelpful allows Stored XSS. This issue affects WPHelpful: from n/a through = 1.2.4...
CVE-2024-51761
CVE-2024-51761 describes a Reflected XSS in the WordPress plugin WPHelpful (WPHelpful: from n/a through 1.2.4). The issue stems from improper neutralization of input during web page generation, enabling reflected cross-site scripting. The CVSS/metrics in the document show a Base Score of 7.1 (HIG...
aeros (>=2.0.0a1 <=2.0.0b4), apache-airflow-zack (=1.10.15.9) +16 more potentially affected by CVE-2021-33026 via flask-caching (=1.10.1)
flask-caching PYPI version =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on flask-caching and may be impacted: - aeros =2.0.0a1, =2.1.1.3, =0.0.0a0, =2.0.0, =3.1.0, =1.2.31, =0.16.5, =0.4.0, =0.2.14, =2.3.7, =2.3.20 and more Source cves:...
Ubuntu 18.10 / 19.04 : Monit vulnerabilities (USN-3971-1)
Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak...
WordPress Comment Rating Cross Site Scripting / SQL Injection
Exploit Title: Wordpress comment rating plugin multiple Vulnerabilities Google Dork: 1- inurl:"/wp-content/plugins/comment-rating/" 2- inurl:"/ck-processkarma.php?id=" Date: 2/1/2012 Author: The Evil Thinker Contact : [email protected] Software Link: www.wordpress.com Vulnerable plugin: Comme...
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities
Trustwave's SpiderLabs Security Advisory TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways D3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcast http://comcast.com Product: Comcast DOCSIS 3.0 Business Gatewa...
Debian Security Advisory DSA 159-2 (python)
The remote host is missing an update to python announced via advisory DSA 159-2. OpenVAS Vulnerability Test $Id: deb1592.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 159-2 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...