The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-le...
The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenti...
The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
A flaw was found in libsoupโs WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applicatio...
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScri...