For providers

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application...

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes...

Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user,...

Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from...

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure...

The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86...

The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0...

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the...

The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used...

The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting...