CVE

EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions.

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.