The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.