Open Forms is an application for creating and publishing smart forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing authorization vulnerability in the system components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
AppLink has a vulnerability of accessing uninitialized pointers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The fingerprint sensor module has design defects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The communication module has a vulnerability of improper permission preservation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The kernel emcom module has multi-thread contention. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.