A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.