| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. |
| Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through <= 1.6.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent liveagent allows Cross Site Request Forgery.This issue affects LiveAgent: from n/a through <= 4.4.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Travis Ballard TBTestimonials tb-testimonials allows Reflected XSS.This issue affects TBTestimonials: from n/a through <= 1.7.3. |
| The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated attackers to inject arbitrary HTML into wishlist items. |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS.This issue affects DL Leadback: from n/a through <= 1.2.1. |
| A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. |
| Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. |
| Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: from n/a through <= 1.3.10. |
| Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor). |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1. |
| Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through <= 1.0.3. |
| The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion.This issue affects Lab: from n/a through <= 1.0.0. |
| The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings. |
