All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in code-projects Chat System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.
and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in invalid data. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
product when an unauthenticated user is sending a crafted HTTPS packet to the webserver. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.9%.
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.