Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotel…

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through <= 1.0.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through <= 1.0.0.