The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an…

A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway become unresponsive after sending 85 requests to this port. The content and length of the frame does not matter. The d…

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.

Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter.

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.

MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability.

An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations.