In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead…

In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This…

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead…

The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as…

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege…

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to…

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of…

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. Zafiyet…