Source
CVE
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions.
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.