Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Wikistories allows Stored XSS.This issue affects Mediawiki – Wikistories: from master before 1.44. More information...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – WikiLambda Extension allows Stored XSS.This issue affects Mediawiki – WikiLambda Extension: master. More information :...
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in The Wikimedia Foundation Mediawiki Foundation – Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation – Springboard Extension: master. More information...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the...
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and...
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40,...
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. More information : https://support.omadanetworks.com/en/document/108456/
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. More information : https://support.omadanetworks.com/en/document/108455/
A command injection vulnerability may be exploited after the admin’s authentication on the web portal on Omada gateways. More information : https://support.omadanetworks.com/en/document/108456/
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. More information : https://support.omadanetworks.com/en/document/108455/
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. More information : https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated...
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. More information : https://azure-access.com/security-advisories
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application’s database through specially crafted SQL query strings. More information : https://gold-textbook-8ff.notion.site/Restaurant-Management-System-DBMS-project-SQL-injection-25985e97f35380b2922ad4ebe8c47639