ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component. More information : https://www.manageengine.com/products/desktop-central/kb/arbitrary-file-deletion-allows-local-privilege-escalation.html
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45. More information : https://www.usom.gov.tr/bildirim/tr-25-0350
SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. More information : https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4_release_notes.htm
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki – Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki – Lockdown Extension: from master before 1.42....
EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality. More information : https://www.twcert.org.tw/en/cp-139-10455-5b9ac-2.html
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. More information...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – PageTriage Extension allows Stored XSS.This issue affects Mediawiki – PageTriage Extension: from master before 1.44....
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – WikiLove Extension allows Stored XSS.This issue affects Mediawiki – WikiLove Extension: 1.39. More information :...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Wikistories allows Stored XSS.This issue affects Mediawiki – Wikistories: from master before 1.44. More information...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – WikiLambda Extension allows Stored XSS.This issue affects Mediawiki – WikiLambda Extension: master. More information :...
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in The Wikimedia Foundation Mediawiki Foundation – Springboard Extension allows Command Injection.This issue affects Mediawiki Foundation – Springboard Extension: master. More information...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the...
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and...
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40,...