| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. |
| The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection |
| The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. |
| Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. |
| The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. |
| The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
