Latest CVE Feed
-
7.5
HIGHCVE-2016-3674
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary... Read more
- Published: May. 17, 2016
- Modified: May. 23, 2025
-
9.8
CRITICALCVE-2025-24607
Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71.... Read more
Affected Products : ideapush- Published: Feb. 14, 2025
- Modified: May. 23, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-22284
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a th... Read more
- Published: Feb. 16, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-22289
Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.... Read more
- Published: Feb. 16, 2025
- Modified: May. 23, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-26767
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12.... Read more
Affected Products : qubely- Published: Feb. 16, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2021-21350
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affect... Read more
Affected Products : fedora debian_linux weblogic_server communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
8.6
HIGHCVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +8 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
7.8
HIGHCVE-2021-21348
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
9.8
CRITICALCVE-2021-21347
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inp... Read more
Affected Products : fedora debian_linux weblogic_server communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
7.2
HIGHCVE-2025-0924
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more
Affected Products : wp_activity_log- Published: Feb. 17, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2021-21346
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inp... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
9.9
CRITICALCVE-2021-21345
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed... Read more
Affected Products : fedora debian_linux peoplesoft_enterprise_peopletools communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
9.8
CRITICALCVE-2021-21344
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inp... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
7.1
HIGHCVE-2024-13626
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admi... Read more
Affected Products : vr-frases- Published: Feb. 17, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2021-21343
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream c... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +6 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
9.1
CRITICALCVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream c... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +6 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
7.5
HIGHCVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of ... Read more
Affected Products : fedora debian_linux oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform communications_unified_inventory_management +4 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
4.7
MEDIUMCVE-2024-13627
The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products : owl_carousel_slider- Published: Feb. 17, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICALCVE-2021-21351
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input str... Read more
Affected Products : fedora debian_linux communications_policy_management oncommand_insight jmeter retail_xstore_point_of_service webcenter_portal xstream activemq banking_platform +7 more products- Published: Mar. 23, 2021
- Modified: May. 23, 2025
-
6.5
MEDIUMCVE-2024-13356
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unaut... Read more
Affected Products : dsgvo_all_in_one_for_wp- Published: Feb. 04, 2025
- Modified: May. 23, 2025
- Vuln Type: Cross-Site Request Forgery