High
CVSS: 7.6
Yayın: 2025-01-21 16:15:15
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of th…
Medium
CVSS: 4.6
Yayın: 2025-01-21 16:15:14
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffi…
Medium
CVSS: 5.3
Yayın: 2025-01-21 16:15:14
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco ma…
High
CVSS: 7.5
Yayın: 2025-01-21 16:15:14
HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
High
CVSS: 8.1
Yayın: 2025-01-21 16:15:14
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.
Medium
CVSS: 4.5
Yayın: 2025-01-21 16:15:13
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
Medium
CVSS: 4.2
Yayın: 2025-01-21 15:15:13
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
Medium
CVSS: 4.2
Yayın: 2025-01-21 15:15:13
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
High
CVSS: 8.2
Yayın: 2025-01-21 15:15:13
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web AP…
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:13
Cross-Site Request Forgery (CSRF) vulnerability in Ngô Thắng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through
Medium
CVSS: 6.5
Yayın: 2025-01-21 14:15:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamara Solution Tamara Checkout tamara-checkout allows Stored XSS.This issue affects Tamara Checkout: from n/a through < 1.9.9.1.
Medium
CVSS: 6.5
Yayın: 2025-01-21 14:15:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdesk Flexible PDF Coupons flexible-coupons allows Stored XSS.This issue affects Flexible PDF Coupons: from n/a through < 1.10.3.
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro brizy-pro allows Reflected XSS.This issue affects Brizy Pro: from n/a through
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from…
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through
Medium
CVSS: 6.5
Yayın: 2025-01-21 14:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through
Medium
CVSS: 6.5
Yayın: 2025-01-21 14:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through
Critical
CVSS: 9.1
Yayın: 2025-01-21 14:15:12
Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Serv…
High
CVSS: 7.1
Yayın: 2025-01-21 14:15:11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikAppointments Services Booking Calendar vikappointments allows Stored XSS.This issue affects VikAppointments Services Booking Calendar: f…