Alerts

A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. This affects an unknown part of the file del.php of the component GET...

A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the...

iRedAdmin before 2.6 allows XSS, e.g., via order_name.

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject...

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site...

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication

Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability...

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build...

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address:...

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure...