Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 19.7%.
Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.0.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.