The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.6% and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Hono is a Web application framework that provides support for any JavaScript runtime. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Session Hijacking vulnerability in Hitachi Ops Center Analyzer.0.0-00 before 11.0.1-00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Forminator prior to 1.29.3 contains a SQL injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The GeoDirectory - WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Hugo is a static site generator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.7.16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.