HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes.…

The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke…

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device.

A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The…

A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disc…

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.