The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scr…

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attac…

The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that…

In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthent…

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i…

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the pac…

A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from t…