The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscr…

The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. …

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with Adminis…

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for a…

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.