Tagged: Cybersecurity Alert

CVE-2025-62663

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – UploadWizard Extension allows Stored XSS. This issue affects Mediawiki – UploadWizard Extension: from master before 1.39....

CVE-2025-62665

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – Skin:BlueSky allows Stored XSS. This issue affects Mediawiki – Skin:BlueSky: from master before 1.39. More information:...

CVE-2025-11378

The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘shortpixel_ajaxRequest’ AJAX action in all...

CVE-2025-62652

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS. This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44. More information:...

CVE-2025-62653

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44. More information:...

CVE-2025-62654

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS. This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44. More information:...

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44. More information:...

CVE-2025-62651

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. More information: https://archive.today/fMYQp

CVE-2025-62649

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders. More information: https://archive.today/fMYQp

CVE-2025-62650

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. More information: https://archive.today/fMYQp

CVE-2025-62643

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. More information: https://archive.today/fMYQp

CVE-2025-62644

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users. More information: https://archive.today/fMYQp

CVE-2025-62645

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. More information: https://archive.today/fMYQp

CVE-2025-62646

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers. More information: https://archive.today/fMYQp