For providers

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to...

Some parameters of the weather module are improperly stored, leaking some sensitive information.

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site...

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious...

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which...

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the...

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download...

Locally installed application can bypass the permission check and perform system operations that require permission.

Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.