CVE & Security Advisory Details

A critical OS command injection vulnerability was discovered in Dokploy that allows attackers to execute arbitrary system commands.

A local file inclusion vulnerability in Dokploy allows unauthorized access to sensitive files on the server.

An information disclosure vulnerability in Dokploy exposes sensitive configuration and system information.

A cross-site scripting (XSS) vulnerability in Cisco BroadWorks Application Delivery Platform could allow an attacker to execute arbitrary JavaScript code.

A stored cross-site scripting vulnerability was discovered in pfSense's Wake on LAN pages and Dashboard widget.

A stored cross-site scripting vulnerability exists in the IPsec Phase 1 configuration of pfSense.

A stored cross-site scripting vulnerability was identified in pfSense Firewall Schedules configuration.

An unauthenticated stored cross-site scripting vulnerability in OpenZiti's admin panel allows remote attackers to execute arbitrary JavaScript.

An unauthenticated server-side request forgery (SSRF) vulnerability in OpenZiti's admin panel enables attackers to access internal resources.

An authenticated SQL injection vulnerability in Bookly plugin versions up to 22.3.1 allows administrators to execute arbitrary SQL queries.

An unauthenticated stored XSS vulnerability in Booking Calendar plugin allows attackers to inject malicious scripts.

An unauthenticated SQL injection vulnerability in WP Job Portal allows remote attackers to extract sensitive database information.

Multiple authenticated XSS vulnerabilities in GTranslate plugin allow administrators to inject malicious scripts.

A reflected XSS vulnerability in WP EasyPay plugin allows attackers to execute JavaScript in user browsers.

A reflected XSS vulnerability via URL parameters in MyCryptoCheckout plugin enables script injection attacks.

An authenticated stored XSS vulnerability in Quick Paypal Payments plugin allows administrators to persistently inject malicious scripts.