0.0
CVE-2025-23432 - WordPress AlT Report plugin <= 1.12.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0.
7.1
CVE-2025-23470 - WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in xavsio4 Visit Site Link enhanced visit-site-link-enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through <= 1.0.
7.1
CVE-2025-23467 - WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through <= 2.0.0.
4.3
CVE-2025-23423 - WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Smackcoders Inc., SendGrid for WordPress wp-sendgrid-mailer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through <= 1.4.
8.7
CVE-2024-55954 - OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the hiβ¦
6.9
CVE-2024-56136 - /api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email β¦
5.3
CVE-2024-36402 - Unauthenticated writes to the media repository allow planting of problematic content in Matrix Mediβ¦
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then β¦
5.3
CVE-2024-36403 - Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating enβ¦
5
CVE-2024-52602 - Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrβ¦
5.3
CVE-2024-52791 - Denial of service through memory exhaustion in Matrix Media Repo
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory andβ¦