Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered acros...
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
Subscriber SQL Injection in Unicamp <= 2.2.2 versions.