PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.10.3, through 2023.11.1, through 2024.9. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. Rated high severity (CVSS 8.8). No vendor patch available.
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenH264 is a free license codec library which supports H.264 encoding and decoding. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.
The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The LTL Freight Quotes - GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. No vendor patch available.
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Modal Window - create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Embed Any Document - Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Elementor Website Builder - More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.