A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be...
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. More information : https://github.com/YongYe-Security/NagiosXI/tree/main
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability. More information : https://github.com/YongYe-Security/NagiosXI/tree/main
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function...
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed...
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the ‘change-ad__content’ shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to...
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially...
CWE-434 Unrestricted Upload of File with Dangerous Type More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. More information : https://github.com/libming/libming/issues/367
Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7. More information : https://vdp.patchstack.com/database/wordpress/plugin/plugin-optimizer/vulnerability/wordpress-plugin-optimizer-plugin-1-3-7-broken-access-control-vulnerability?_s_id=cve
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The...