Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could a...

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the ...

The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow ...

Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.

The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use...

The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode...

A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial...

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perfor...

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easie...

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scr...

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' clearte...

The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which c...

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious D...

The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could a...

The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use...

The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al...

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File c...

An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could...

The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could...

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribu...