For providers

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS.This issue affects Scan...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS.This issue affects WPEX...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS.This issue affects Scanventory: from...

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3.

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can...

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can...

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.