7.6
CVE-2025-24018 - YesWiki Vulnerable to Authenticated Stored XSS
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content โฆ
2.4
CVE-2024-45687 - HTTP Server incorrectly accepting disallowed characters within header values
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Pโฆ
0.0
CVE-2025-0623 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.6
CVE-2025-24017 - YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't existโฆ
4.6
CVE-2025-24012 - Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 containโฆ
5.3
CVE-2025-24011 - Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codโฆ
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.โฆ
7.5
CVE-2025-0377 - HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorpโs go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
8.2
CVE-2024-53829 - Cross-Site Request Forgery in CodeChecker API
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions,ย including but not liโฆ
7.1
CVE-2025-24001 - WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ngรด Thแบฏng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through <= 0.1.3.
7.1
CVE-2025-23998 - WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2.