For individuals

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes...

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication...

Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.This issue affects Coslat Hotspot: before...

A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted...

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing.

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall...