The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.…

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing…

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an…

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high…

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to…

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead…

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site…

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages,…

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site…

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading…