Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preetinder Singh TGG WP Optimizer allows Stored XSS.22. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A double free vulnerability has been identified in the ASUS System Analysis service. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler allows Cross Site Request Forgery.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools allows Cross Site Request Forgery.26. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery.htaccess: from 1.2.1 through n/a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery.30.03. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery.2.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven allows Cross Site Request Forgery.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.