Alerts

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and...

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and...

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type'...

An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon...

Denial of service in DNS-over-QUIC in Technitium DNS Server

ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to...

ChestnutCMS