The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 47.2%.
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical.php. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester eLearning System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
there is a possible way to bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be. Rated high severity (CVSS 7.8). No vendor patch available.
In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
there is a possible permission bypass due to Debug certs being allowlisted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Sunshine is a self-hosted game stream host for Moonlight. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.