Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.9.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.9.106. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The FancyPost - Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.5.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.0.47. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress - enable debug allows Cross Site Request Forgery.0.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery.8.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.2.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Hive Support Hive Support - WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.0.14. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.
An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.
A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Access Controls allows access to protected views. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lack of output escaping in the id attribute of menu lists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Various module chromes didn't properly process inputs, leading to XSS vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An attacker who successfully exploited these vulnerabilities could cause enable command execution. Rated high severity (CVSS 7.3). No vendor patch available.
An attacker who successfully exploited these vulnerabilities could grant read access to files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.