5.4
CVE-2024-12211 -
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.
8.4
CVE-2024-52333 -
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
8.4
CVE-2024-47796 -
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
4.9
CVE-2024-11736 - Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The serβ¦
7.1
CVE-2024-56065 - WordPress WP2LEADS Plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.2.
7.1
CVE-2024-56301 - WordPress Distance Based Shipping Calculator Plugin <= 2.0.21 - Reflected Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21.
4.3
CVE-2025-22800 - WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.
7.1
CVE-2025-22314 - WordPress Food Store plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store β Online Food Delivery & Pickup food-store allows Reflected XSS.This issue affects Food Store β Online Food Delivery & Pickup: from n/a through <= 1.5.4.
7.1
CVE-2025-22337 - WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0.
7.1
CVE-2025-22344 - WordPress Media Category Library plugin <= 2.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in timmcdaniels Media Category Library media-category-library allows Reflected XSS.This issue affects Media Category Library: from n/a through <= 2.7.