Miniserve versions up to 0.32.0 is affected by improper link resolution before file access (CVSS 6.8).
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]
Reflected XSS in Typemill's login error page allows unauthenticated attackers to inject malicious scripts by crafting requests with specially formatted usernames, since the username parameter lacks proper encoding when displayed after failed authentication attempts. Typemill versions 2.19.1 and below are affected, and public exploit code exists for this vulnerability. Version 2.19.2 contains the fix.
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. [CVSS 5.4 MEDIUM]
account deletion reason input field. Attackers can inject malicious scripts is affected by cross-site scripting (xss) (CVSS 6.1).
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget. [CVSS 6.1 MEDIUM]
custom text input field for thread redirects. Attackers can inject malicious SVG scripts is affected by cross-site scripting (xss) (CVSS 6.1).
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. [CVSS 5.4 MEDIUM]
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. [CVSS 4.4 MEDIUM]
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. [CVSS 4.0 MEDIUM]
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. [CVSS 6.5 MEDIUM]
Design Stylish Cost Calculator stylish-cost-calculator is affected by cross-site scripting (xss) (CVSS 6.5).
Stored XSS in Easy Modal WordPress plugin through version 2.1.0 enables authenticated attackers to inject malicious scripts that execute in the browsers of other users. An attacker with login credentials can store arbitrary JavaScript through improper input validation, affecting all visitors who view the compromised content. No patch is currently available to remediate this vulnerability.
The B Accordion WordPress plugin through version 2.0.0 exposes sensitive data in transmitted communications due to improper handling of embedded information. An authenticated attacker can intercept and retrieve this sensitive data, potentially compromising confidential information. No patch is currently available for this vulnerability.
DOM-based cross-site scripting in pixelgrade Nova Blocks through version 2.1.9 enables authenticated attackers to inject malicious scripts that execute in users' browsers with limited privileges. An attacker with valid credentials can craft requests to manipulate the page generation process, potentially compromising confidentiality, integrity, and availability across different security contexts. No patch is currently available for this vulnerability.
The Email Inquiry & Cart Options for WooCommerce plugin through version 3.4.3 contains a DOM-based cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting improper input neutralization. An attacker with user-level access can craft requests that execute arbitrary JavaScript in victims' browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available for this vulnerability.
Damian WP Popups plugin for WordPress versions up to 2.2.0.3 contains an authorization bypass that allows authenticated users to access sensitive information through improperly configured access controls. An attacker with low-privilege WordPress credentials could exploit this to read confidential data without proper authorization. No patch is currently available for this vulnerability.
Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration is affected by missing authorization (CVSS 6.5).
iNET Webkit through version 1.2.4 contains a missing authorization control vulnerability that allows authenticated users to bypass access control restrictions and gain unauthorized read access to sensitive information. An attacker with valid credentials could exploit improperly configured security levels to access data they should not have permission to view. No patch is currently available for this vulnerability.
Stored XSS in ABG Rich Pins version 1.1 and earlier permits authenticated users to inject malicious scripts that execute in other users' browsers when viewing affected pages. An attacker with plugin access could deface content or steal session data from site visitors. No patch is currently available for this vulnerability.
Stored cross-site scripting in ArtPlacer Widget versions 2.23.1 and earlier enables attackers to inject malicious scripts that execute in users' browsers when viewing affected web pages. An unauthenticated attacker can exploit improper input validation during web page generation to compromise user sessions and steal sensitive data. No patch is currently available for this vulnerability.
Stored Cross-Site Scripting (XSS) in Kaira Blockons versions up to 1.2.15 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session tokens or performing actions on their behalf. The vulnerability requires user interaction to trigger and has limited scope, but impacts both confidentiality and integrity. No patch is currently available.
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext transmission of sensitive information (CVSS 6.5).
Open WebUI transmits authentication credentials in cleartext over the network, enabling adjacent attackers to intercept and obtain sensitive information without authentication. This information disclosure vulnerability can facilitate unauthorized access and further compromise of affected systems. No patch is currently available.
Stored XSS in Penci Pay Writer versions up to 1.5 allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising sensitive data or session information. The vulnerability stems from insufficient input validation during web page generation and requires user interaction to trigger. No patch is currently available for this vulnerability.
Stored cross-site scripting in PenciDesign Penci Review through version 3.5 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising user sessions and data. The vulnerability requires user interaction to trigger and affects the web application's page generation functionality. No patch is currently available.
yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion is affected by cross-site scripting (xss) (CVSS 5.4).
COP UX Flat through version 5.4.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into web pages, affecting all users who view the compromised content. An attacker with user-level access can craft malicious input that persists in the application and executes in victims' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions. No patch is currently available for this vulnerability.
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output escaping on the verified_message parameter. [CVSS 6.4 MEDIUM]
Stored cross-site scripting in the WP DSGVO Tools WordPress plugin through version 3.1.36 allows authenticated contributors and higher-privileged users to inject malicious scripts into pages via the 'lw_content_block' shortcode due to improper input sanitization. When visitors access affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available for this vulnerability.
The RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
8180 Ip Audio Alerter Firmware versions up to 5.5 is affected by cross-site scripting (xss) (CVSS 6.1).
Firecracker contains a vulnerability that allows attackers to a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. [CVSS 5.9 MEDIUM]
DOM-based cross-site scripting (XSS) in the Delay Redirects browser extension through version 1.0.0 enables attackers to inject malicious scripts that execute in users' browsers. An attacker can exploit this vulnerability to steal sensitive data, session cookies, or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
Stored cross-site scripting in Ability Inc's Web Accessibility with Max Access toolbar (versions through 2.1.0) enables authenticated users with high privileges to inject malicious scripts that execute in other users' browsers. An attacker with administrative access could manipulate the toolbar to store XSS payloads that compromise confidentiality, integrity, and availability of the affected web application. No patch is currently available for this vulnerability.
Stored cross-site scripting in LogicHunt Logo Slider WordPress plugin versions up to 4.9.0 enables authenticated attackers with high privileges to inject malicious scripts that execute in other users' browsers. An attacker could leverage this to steal session tokens, deface content, or perform actions on behalf of affected users. No patch is currently available.
PluginOps Landing Page Builder page-builder-add is affected by cross-site scripting (xss) (CVSS 5.9).
Devsbrain Flex QR Code Generator flex-qr-code-generator is affected by cross-site scripting (xss) (CVSS 5.9).
Vladimir Statsenko Terms descriptions terms-descriptions is affected by cross-site scripting (xss) (CVSS 4.8).
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values.
Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration is affected by cross-site scripting (xss) (CVSS 5.9).
livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer is affected by cross-site scripting (xss) (CVSS 4.8).
The Golang sigstore framework versions 1.10.3 and below fail to validate cache directory paths in the legacy TUF client, allowing a malicious TUF repository to overwrite arbitrary files on disk within the calling process's permission scope. This impacts direct users of the TUF client in sigstore/sigstore and older Cosign versions, though public Sigstore deployments are protected by metadata validation from trusted collaborators. No patch is currently available for this medium-severity path traversal vulnerability.
The Linux kernel's Ceph authentication handler fails to properly propagate errors from mon_handle_auth_done(), allowing the msgr2 protocol to proceed with session establishment even when authentication fails in secure mode. This can trigger a NULL pointer dereference in prepare_auth_signature(), causing a denial of service on systems using Ceph for storage or communication. Local attackers with privileges to interact with Ceph authentication can crash the kernel or cause system instability.
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. [CVSS 5.5 MEDIUM]
The Linux kernel's idpf driver contains a NULL pointer dereference in its RSS LUT handling that can be triggered when ethtool commands access the RSS lookup table immediately after a soft reset. Local users with standard privileges can crash the system by performing queue count changes followed by ethtool operations on the affected network interface. A patch is available to properly manage RSS LUT state during soft resets based on queue count changes.
A null pointer dereference in the Linux kernel's traffic control action module (act_api) causes a denial of service during network namespace teardown when invalid error pointers are dereferenced. A local attacker with low privileges can trigger this crash by manipulating tc actions during system shutdown or container termination. A patch is available to guard against ERR_PTR entries during action cleanup.
The Linux kernel's idpf driver crashes with a NULL pointer dereference when ethtool RSS operations are performed before the network interface is brought up, affecting systems using this driver. A local attacker with unprivileged user access can trigger a denial of service by executing RSS configuration commands on a down interface. The vulnerability is resolved by initializing the RSS lookup table during vport creation rather than at interface startup.