Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Brizy - Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.