7.6

CVSS3.1

CVE-2025-24017 - YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist…

📅 Published: Jan. 21, 2025, 3:37 p.m. 🔄 Last Modified: May 9, 2025, 2:05 p.m.

4.6

CVSS3.1

CVE-2025-24012 - Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain…

📅 Published: Jan. 21, 2025, 3:32 p.m. 🔄 Last Modified: Feb. 20, 2025, 4:45 p.m.

5.3

CVSS3.1

CVE-2025-24011 - Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Cod…

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.…

📅 Published: Jan. 21, 2025, 3:27 p.m. 🔄 Last Modified: Feb. 20, 2025, 4:44 p.m.

7.5

CVSS3.1

CVE-2025-0377 - HashiCorp go-slug Vulnerable to Zip Slip Attack

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.

📅 Published: Jan. 21, 2025, 3:23 p.m. 🔄 Last Modified: Dec. 15, 2025, 9 p.m.

8.2

CVSS3.1

CVE-2024-53829 - Cross-Site Request Forgery in CodeChecker API

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not li…

📅 Published: Jan. 21, 2025, 3:07 p.m. 🔄 Last Modified: Nov. 14, 2025, 3:30 p.m.

0.0

CVE-2025-24001 - WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ngô Thắng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through <= 0.1.3.

📅 Published: Jan. 21, 2025, 1:57 p.m. 🔄 Last Modified: April 1, 2026, 5:17 p.m.

6.1

CVSS3.1

CVE-2025-23998 - WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS. This issue affects UltraLight: from n/a through <= 1.2.

📅 Published: Jan. 21, 2025, 1:57 p.m. 🔄 Last Modified: April 1, 2026, 5:17 p.m.

0.0

CVE-2025-23997 - WordPress Tamara Checkout plugin < 1.9.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamara Solution Tamara Checkout tamara-checkout allows Stored XSS. This issue affects Tamara Checkout: from n/a through < 1.9.9.1.

📅 Published: Jan. 21, 2025, 1:57 p.m. 🔄 Last Modified: April 1, 2026, 5:17 p.m.

0.0

CVE-2025-22825 - WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdesk Flexible PDF Coupons flexible-coupons allows Stored XSS. This issue affects Flexible PDF Coupons: from n/a through < 1.10.3.

📅 Published: Jan. 21, 2025, 1:57 p.m. 🔄 Last Modified: April 1, 2026, 4:23 p.m.

0.0

CVE-2025-22733 - WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS. This issue affects My auctions allegro: from n/a through <= 3.6.18.

📅 Published: Jan. 21, 2025, 1:57 p.m. 🔄 Last Modified: April 1, 2026, 4:22 p.m.