Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.10.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.99.47. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Advanced Data Table For Elementor advanced-data-table-for-elementor allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time utech-world-time-for-wp allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee gutensee allows DOM-Based XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
The CRM Perks - WordPress HelpDesk Integration - Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cortesfrau Better WP Login Page better-wp-login-page allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.
An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.io): from n/a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers woocommerce-basic-ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.4.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Cross Site Request Forgery.8.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Generation of Error Message Containing Sensitive Information vulnerability in videogallery Vimeography vimeography allows Retrieve Embedded Sensitive Data.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator xml-multilanguage-sitemap-generator.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.1.61. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in InvoicePlane up to 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in InvoicePlane up to 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.1.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Metabase is an open-source data analytics platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.11.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.