Low
CVSS: 3.5
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when…
Low
CVSS: 3.6
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging…
Low
CVSS: 3.1
Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
Low
CVSS: 3.1
Insufficient capability checks made it possible to disable badges a user does not have permission to access.
Low
CVSS: 3.4
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
Low
CVSS: 3.1
Mattermost versions 9.11.x
Low
CVSS: 3.3
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
Low
CVSS: 3.3
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information i…
Low
CVSS: 2.3
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies th…
Low
CVSS: 2.3
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects…
Low
CVSS: 2.3
vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly…
Low
CVSS: 3.8
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.
Low
CVSS: 3.8
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
Low
CVSS: 3.5
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi…
Low
CVSS: 3.5
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the…
Low
CVSS: 2.3
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability aff…
Low
CVSS: 2.3
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. If users are allowed to sign in via both username and email the regulation sy…
Low
CVSS: 2.1
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the atta…
Low
CVSS: 3.5
The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm…
Low
CVSS: 2.9
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.