CYBR International Malware Information Sharing Platform (MISP)
The MISP is a threat intelligence aggregator that updates the community about evolving threats and vulnerabilities. The MISP may be imported as a threat intelligence data feed into existing cyber security threat analysis and reporting solutions.
| DataType | ProblemTypes | Impact | Publishdate | |
|---|---|---|---|---|
Threat detailsA SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter. | CVE | 04-22-2025 | ||
Threat detailscode-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects. | CVE | 04-22-2025 | ||
Threat detailsIn PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, PeaZip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. | CVE | CWE-829 | LOCAL: LOW | 04-22-2025 |
Threat detailsA path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. | CVE | LOW | 04-22-2025 | |
Threat detailsIBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | CVE | CWE-918 | NETWORK: LOW | 04-22-2025 |
Threat detailsAn issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | CVE | LOW | 04-22-2025 | |
Threat detailsSourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | CVE | LOW | 04-22-2025 | |
Threat detailsTotolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. | CVE | LOW | 04-22-2025 | |
Threat detailsA vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVE | NVD-CWE-Other | LOW | 04-22-2025 |
Threat detailsA vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVE | NVD-CWE-Other | LOW | 04-22-2025 |
Threat detailsA vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVE | NVD-CWE-Other | LOW | 04-22-2025 |
Threat details | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
| CVE | LOW | 04-22-2025 | ||
Threat details | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
Threat detailsA vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-120 | NETWORK: LOW | 04-22-2025 |
Threat detailsAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | CVE | LOW | 04-22-2025 | |
Threat detailsAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | CVE | LOW | 04-22-2025 | |
Threat detailsAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | CVE | LOW | 04-22-2025 | |
Threat detailsAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function. | CVE | LOW | 04-22-2025 | |
Threat detailsImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10. | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
Threat detailsNVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | CVE | CWE-94 | LOW | 04-22-2025 |
Threat detailsNVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering. | CVE | CWE-22 | LOW | 04-22-2025 |
Threat detailsNVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | CVE | CWE-502 | LOW | 04-22-2025 |
Threat detailsAn issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. | CVE | LOW | 04-22-2025 | |
Threat detailsIn Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000. | CVE | LOW | 04-22-2025 | |
| CVE | CWE-89 | LOW | 04-22-2025 | |
Threat detailsIBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | CVE | CWE-250 | LOCAL: LOW | 04-22-2025 |
Threat detailsIBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. | CVE | CWE-114 | LOCAL: LOW | 04-22-2025 |
Threat detailsThe User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
Threat detailsA credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext. | CVE | LOW | 04-22-2025 | |
Threat detailsThe Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | CVE | LOW | 04-22-2025 | |
Threat detailsNautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package to the /#/software/upgrades endpoint. | CVE | LOW | 04-22-2025 | |
Threat detailsAn information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. | CVE | LOW | 04-22-2025 | |
Threat detailsHazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | CVE | LOW | 04-22-2025 | |
Threat detailsIncorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack. | CVE | LOW | 04-22-2025 | |
Threat detailsPycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | CVE | LOW | 04-22-2025 | |
Threat detailsIncorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. | CVE | LOW | 04-22-2025 | |
Threat detailsAn access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions. | CVE | LOW | 04-22-2025 | |
Threat detailsAn issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. | CVE | LOW | 04-22-2025 | |
Threat detailsIncorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. | CVE | LOW | 04-22-2025 | |
Threat detailsIncorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials. | CVE | LOW | 04-22-2025 | |
Threat detailsIncorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. | CVE | LOW | 04-22-2025 | |
Threat detailsNEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | CVE | LOW | 04-22-2025 | |
Threat detailsImproper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack. | CVE | LOW | 04-22-2025 | |
Threat detailsImproper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. | CVE | LOW | 04-22-2025 | |
Threat detailsAn issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. | CVE | LOW | 04-22-2025 | |
Threat detailsA vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. | CVE | LOW | 04-22-2025 | |
| CVE | LOW | 04-22-2025 | ||
Threat detailsAn issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function. | CVE | LOW | 04-22-2025 | |
Threat details**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. | CVE | LOW | 04-22-2025 | |
Threat details | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter. | CVE | LOW | 04-22-2025 | |
Threat detailsTOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter. | CVE | LOW | 04-22-2025 | |
Threat detailsDirectory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload | CVE | LOW | 04-22-2025 | |
| CVE | CWE-79 | LOW | 04-22-2025 | |
Threat detailsThe Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated. | CVE | CWE-94 | NETWORK: LOW | 04-22-2025 |
Threat detailsThe Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability. | CVE | CWE-79 | NETWORK: LOW | 04-22-2025 |
Threat detailsThe Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVE | CWE-79 | NETWORK: LOW | 04-22-2025 |
Threat detailsInsertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | CVE | LOW | 04-22-2025 | |
Threat detailsThe Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | CVE | CWE-200 | NETWORK: LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.3. | CVE | CWE-89 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2. | CVE | CWE-89 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Stored XSS. This issue affects VForm: from n/a through 3.1.14. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsMissing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | CVE | CWE-862 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2. | CVE | CWE-79 | LOW | 04-22-2025 |
Threat detailsCross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3. | CVE | CWE-352 | LOW | 04-22-2025 |
Threat detailsMissing Authorization vulnerability in alttextai Download Alt Text AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Alt Text AI: from n/a through 1.9.93. | CVE | CWE-862 | LOW | 04-22-2025 |
Threat detailsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3. | CVE | CWE-79 | LOW | 04-22-2025 |
