The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.8%.
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity.
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity.
Windows Container Manager Service Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Allow attackers to intercept or falsify data exchanges between the client and the server. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable.
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
An authenticated attacker can upload malicious file to SAP Document Builder service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The WordPress Online Booking and Scheduling Plugin - Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.6.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeBoy SportsPress - Sports Club & League Manager.7.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in AddonMaster Load More Anything.3.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
The MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Winlogon Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Winlogon Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Windows Themes Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.