| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS.This issue affects SS Font Awesome Icon: from n/a through <= 4.1.3. |
| Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.
A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Franz Wieser FW Anker fw-anker allows Stored XSS.This issue affects FW Anker: from n/a through <= 1.2.6. |
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io wp-shortcm allows DOM-Based XSS.This issue affects short.io: from n/a through <= 2.4.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Search by Google search-google allows Stored XSS.This issue affects Search by Google: from n/a through <= 1.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Stored XSS.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. |
| Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Server Side Request Forgery.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.3.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory 코드엠샵 소셜톡 mshop-naver-talktalk allows Stored XSS.This issue affects 코드엠샵 소셜톡: from n/a through <= 1.2.2. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager job-board-manager allows Code Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive wp-publication-archive allows Stored XSS.This issue affects WP Publication Archive : from n/a through <= 3.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS.This issue affects Comment Form WP – Customize Default Comment Form: from n/a through <= 2.0.1. |
| Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shk Corporate: from n/a through <= 2.4.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The African Boss Get Cash get-cash allows Stored XSS.This issue affects Get Cash: from n/a through <= 3.2.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS.This issue affects WP Mail: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS.This issue affects WP Notification Bell: from n/a through <= 1.4.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: from n/a through <= 1.8. |
| Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. |
