A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt.

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the a...

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, wit...

Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain s...

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user suppli...

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" priv...

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insu...

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further at...

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information coul...

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. ...

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmi...

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default cond...

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordP...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor ...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a th...