The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Umbraco is an ASP.NET CMS used by more than 730.000 websites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.1. Rated medium severity (CVSS 5.6). No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The YouTube Video Gallery by YouTube Showcase - Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The vCenter Server contains a partial file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.