| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
| Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php.
This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.
This issue affects CheckUser: from * before 1.44.1. |
| Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php.
This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1. |
| Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php.
This issue affects Thanks: from * before 1.43.4, 1.44.1. |
| Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14, 1.43.4, 1.44.1. |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. |
| Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C.
This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. |
| Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23. |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.
This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. |
| A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS.This issue affects Kod8 Individual and SME Website: through 03022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
