DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVSS Score : 4.5

Reference: You are not allowed to view links. Register or Login to view.

An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.

CVSS Score : 6.9

Reference: You are not allowed to view links. Register or Login to view.

StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

CVSS Score : 8.4

Reference: You are not allowed to view links. Register or Login to view.

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

CVSS Score : 5.1

Reference: You are not allowed to view links. Register or Login to view.

This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other user accounts.

CVSS Score : 7.4

Reference: You are not allowed to view links. Register or Login to view.

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses.

Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

CVSS Score : 7.5

Reference: You are not allowed to view links. Register or Login to view.

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

CVSS Score : 8.1

Reference: You are not allowed to view links. Register or Login to view.

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.

CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.

CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.

CVSS Score : 8.8

Reference: You are not allowed to view links. Register or Login to view.

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.

CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agileLogix Post Timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through 2.3.9.

CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.