Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin LLC Real Testimonials allows Stored XSS. This issue affects Real Testimonials: from n/a through 3.1.6. Assigner : audit@patchstack.com More information :...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.1. Assigner :...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/global-gallery/vulnerability/wordpress-global-gallery-plugin-8-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project (Lissy93/web-check). The issue stems from user-controlled input (url) being passed...
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included...
An authenticated attacker can obtain any plant name by knowing the plant ID. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
An unauthenticated attacker can check the existence of usernames in the system by querying an API. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone with credentials to...
An unauthenticated attacker can obtain a user’s plant list by knowing the username. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via...
Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network...
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with...