The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such…

A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. Zafiyet ile ilgili…

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. Zafiyet ile ilgili Genel Bilgi, Etki ve…

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter…

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. Zafiyet ile ilgili…

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html…

Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element. Zafiyet ile ilgili Genel…

Cross Site Scripting vulnerabiltiy in eZ Systems AS uZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code…

Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function. Zafiyet…

Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. Zafiyet ile ilgili Genel Bilgi,…