The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
The plugin Wbcom Designs - BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
ZXEN CG200 has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.