Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.3.0 through 3.18.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.8%.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.1%.
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.0.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
A vulnerability was found in code-projects Mobile Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Campcodes House Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.16.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.