| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.
|
| Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
|
| Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0.
|
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.
|
| Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. |
| Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product. |
| When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue. |
| The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AuburnForest DataMentor datamentor allows DOM-Based XSS.This issue affects DataMentor: from n/a through <= 1.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riley Magnuson MyOrderDesk myorderdesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through <= 3.2.6. |
| A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update,
if secure update feature was not enabled on all
CMUs of a RTU500. If a
malicious actor successfully exploits this vulnerability, they
could use it to update the RTU500 with unsigned firmware. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Hodder Themedy Toolbox themedy-toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through <= 1.0.16. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steven Nolles Bonway Static Block Editor bonway-static-block-editor allows DOM-Based XSS.This issue affects Bonway Static Block Editor: from n/a through <= 1.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor classy-addons-for-elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through <= 1.2.7. |
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. |
