A vulnerability in anmari amr users amr-users.59.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in Stiofan UsersWP userswp.2.3.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in Pär Thernström Simple History simple-history.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in Masahiro NAKASHIMA WP CSV Exporter wp-csv-exporter.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL when reception status handler is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in CRUDLab Jazz Popups jazz-popups.8.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.12.09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in wpWax Directorist directorist.7.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in Icegram Email Subscribers & Newsletters email-subscribers.5.2. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in Scott Reilly Commenter Emails commenter-emails.6.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in bestweblayout Post to CSV by BestWebSoft post-to-csv.4.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in PluginOps Form Builder contact-form-add.9.9.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability in StellarWP GiveWP give.25.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability in Saad Iqbal Email Templates email-templates.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
A flaw was found in Quay. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
A vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent.2.5. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.