| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project |
| A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type.
This issue affects rancher: before 2175e09, before 6e30359, before c744f0b. |
| Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik WP Flipkart Importer wp-flipkart-importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through <= 1.4. |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.
This issue affects DocuSeal: through 1.8.1, >1.8.1. |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through < 10.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor header-footer-composer allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through <= 1.0.4. |
| Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. |
| Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery responsive-flickr-gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through <= 1.3.1. |
| : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035. |
| Cross-Site Request Forgery (CSRF) vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through <= 1.1.0. |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redirect: from n/a through <= 1.0.02. |
| Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools mdr-webmaster-tools allows Stored XSS.This issue affects MDR Webmaster Tools: from n/a through <= 1.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Juan Camilo Advanced PDF Generator advanced-pdf-generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through <= 0.4.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in ivan9146 Seo Free seo-free allows Stored XSS.This issue affects Seo Free: from n/a through <= 1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in ragaskar Amazon Associate Filter amazon-associate-filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through <= 0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in samwilson Addressbook addressbook allows Stored XSS.This issue affects Addressbook: from n/a through <= 1.1.3. |
| The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation. |
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.6.0. |
