Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
A vulnerability classified as critical has been found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).
A vulnerability classified as critical was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. [CVSS 7.3 HIGH]
gestione_utenti.php endpoint of HotelDruid 3.0.7 is affected by cross-site request forgery (csrf) (CVSS 7.3).
A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attac...
Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. [CVSS 7.1 HIGH]
NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. [CVSS 7.1 HIGH]
Stored cross-site scripting in Featured Posts Grid WordPress plugin (versions up to 1.7) allows remote attackers to inject malicious scripts that execute in administrator browsers. Patchstack reporting indicates this is a CSRF-to-Stored-XSS chain, meaning attackers can trick authenticated administrators into unknowingly storing malicious payloads. EPSS probability is low (0.09%, 26th percentile) with no CISA KEV listing, indicating targeted rather than widespread exploitation risk. The Changed scope (S:C) in CVSS vector indicates the vulnerability can affect resources beyond the vulnerable component's security scope.
Stored cross-site scripting (XSS) in the Custom top bar WordPress plugin versions up to 2.0.2 allows remote attackers to inject malicious scripts that execute in victim browsers when they view affected pages. The vulnerability is exploitable via network access without authentication but requires user interaction (victim visiting a page with injected payload). EPSS score of 0.09% (26th percentile) indicates low probability of mass exploitation at time of analysis. Patchstack reporting suggests this may be chained with CSRF based on reference URL pattern, though not explicitly confirmed in the CVE description.
Incorrect behavior order in some Zoom Workplace App versions up to 6.3.0 contains a vulnerability that allows attackers to an authenticated user to conduct a denial of service via network access (CVSS 7.1).
CSRF vulnerability in the MaxA/B WordPress plugin (versions ≤2.2.2) chains into stored cross-site scripting, allowing remote attackers to inject malicious scripts into the WordPress admin interface via social engineering. The vulnerability requires user interaction (administrator must be tricked into visiting an attacker-controlled page while authenticated) but requires no authentication by the attacker. EPSS probability is low (0.05%, 14th percentile) indicating minimal observed exploitation attempts. No CISA KEV listing or public POC identified at time of analysis, suggesting limited real-world targeting.
Stored XSS via CSRF in Insert Code WordPress plugin versions through 2.4 allows unauthenticated remote attackers to inject malicious scripts by tricking authenticated administrators into executing forged requests. The CSRF weakness (CWE-352) enables attackers to bypass normal access controls and store XSS payloads in the plugin's code insertion functionality. With CVSS 7.1 (High) and changed scope (S:C), successful exploitation impacts confidentiality, integrity, and availability across security boundaries. EPSS score of 0.05% (14th percentile) indicates low probability of mass exploitation, and no public exploit code or CISA KEV listing identified at time of analysis.
Stored cross-site scripting (XSS) in DevriX Hashtags WordPress plugin 0.3.2 and earlier allows remote attackers to inject malicious scripts via CSRF-chained attack. Unauthenticated attackers can trick authenticated administrators into executing malicious requests that persist XSS payloads in the application. EPSS score of 0.05% (14th percentile) indicates low automated exploitation likelihood despite network attack vector. No active exploitation confirmed via CISA KEV, though publicly available exploit code exists. Scope change in CVSS vector indicates malicious script executes in victim's browser context, enabling session hijacking or privilege escalation.
Stored cross-site scripting (XSS) in WordPress plugin WATI Chat and Notification versions through 1.1.2 can be triggered via CSRF attack, enabling attackers to inject persistent malicious scripts into the WordPress site. The vulnerability requires user interaction from an authenticated administrator but no direct authentication by the attacker, allowing scope change (S:C) that affects resources beyond the vulnerable component. EPSS score of 0.05% (14th percentile) indicates low current exploitation probability. Reported by Patchstack security research team, no CISA KEV listing or public POC identified at time of analysis.
Cross-site scripting (stored XSS) via CSRF in No Disposable Email WordPress plugin through version 2.5.1 allows remote attackers to inject malicious scripts into the site's database. An attacker tricks an authenticated administrator into submitting a crafted request, which bypasses CSRF protections and stores XSS payload that executes when other users access affected pages. EPSS score of 0.05% (14th percentile) indicates low probability of widespread exploitation, with no active exploitation (not in CISA KEV) or public POC identified at time of analysis.
CSRF vulnerability in the Go To Top WordPress plugin through version 0.0.8 enables attackers to store malicious JavaScript via cross-site request forgery. An authenticated administrator or privileged user can be tricked into executing a forged request that injects persistent XSS payloads into the plugin's settings or content areas. The CVSS score of 7.1 reflects changed scope and multi-step exploitation requirements (CSRF leading to stored XSS). EPSS score of 0.05% (14th percentile) indicates very low probability of mass exploitation, consistent with a targeted attack against WordPress administrators requiring social engineering.
Stored XSS via CSRF in Members page only for logged in users WordPress plugin (versions ≤1.4.2) allows remote attackers to inject malicious scripts that execute when administrators view plugin settings. The attack chain requires tricking an authenticated admin into clicking a malicious link or visiting an attacker-controlled page, which submits a forged request storing XSS payloads in the database. EPSS score of 0.05% (14th percentile) indicates low probability of mass exploitation, and no public exploit code or active exploitation has been identified at time of analysis. This is a CSRF-to-stored-XSS chain requiring social engineering against WordPress administrators.
Cross-Site Request Forgery (CSRF) in TabGarb Pro WordPress plugin through version 2.6 enables stored cross-site scripting (XSS) attacks. Unauthenticated remote attackers can craft malicious requests that, when executed by authenticated administrators, inject persistent malicious scripts into the plugin's data. EPSS exploitation probability is low at 0.05% (14th percentile), and no public exploit identified at time of analysis, though the attack chain is well-understood for CSRF-to-XSS vulnerabilities in WordPress plugins.
CSRF in Domain Theme WordPress plugin (versions ≤1.3) allows unauthenticated attackers to inject persistent malicious scripts via tricked administrator actions. The chained vulnerability combines CSRF token absence with inadequate input sanitization, enabling stored XSS payload injection when an admin processes a forged request. EPSS score of 0.05% (14th percentile) indicates low widespread exploitation likelihood, with no active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis.
Stored XSS via CSRF vulnerability in the List of Posts from each Category WordPress plugin (versions up to 2.0) allows remote attackers to inject persistent malicious scripts into the site by tricking an authenticated administrator into submitting a crafted request. The CSRF weakness (CWE-352) enables the XSS payload delivery without direct admin interaction with malicious content. Publicly disclosed via Patchstack with low EPSS score (0.05%, 14th percentile), indicating minimal observed exploitation attempts despite network-based attack vector requiring only user interaction.
Cross-site scripting (XSS) in FTP Sync WordPress plugin versions ≤1.1.6 allows remote attackers to inject malicious scripts into the application via cross-site request forgery (CSRF). Exploitation requires user interaction (victim must be tricked into clicking a malicious link while authenticated), but no authentication is needed by the attacker to initiate the CSRF vector. The changed scope (S:C) indicates potential impact beyond the vulnerable component. No public exploit identified at time of analysis. EPSS score of 0.05% (14th percentile) suggests low probability of mass exploitation.
Stored XSS can be injected into price-calc WordPress plugin (versions up to 0.6.3) via CSRF attack vector, allowing attackers to execute malicious scripts in administrator browsers when authenticated users are tricked into visiting attacker-controlled pages. This chained vulnerability (CSRF enabling XSS) affects sites with authenticated administrative users and can lead to account compromise, privilege escalation, or malicious site modifications. EPSS score of 0.05% (14th percentile) indicates low probability of widespread exploitation, though the attack requires only user interaction (CVSS UI:R) rather than authentication from the attacker perspective.
Cross-Site Request Forgery (CSRF) in WP Compare Tables plugin versions up to 1.0.5 enables attackers to chain CSRF with Stored XSS, allowing persistent malicious script injection via forged administrative requests. Reported by Patchstack, this vulnerability carries a 7.1 CVSS score with changed scope, indicating potential lateral impact beyond the vulnerable plugin. EPSS score of 0.05% (14th percentile) suggests low current exploitation probability, with no public exploit code or CISA KEV listing at time of analysis. Primary risk is targeted attacks against WordPress administrators through social engineering.
CSRF vulnerability in WP jQuery Persian Datepicker plugin for WordPress enables stored cross-site scripting attacks through versions up to 0.1.0. Attackers can trick authenticated administrators into submitting malicious payloads that persist in the application, enabling later exploitation against other users. EPSS score of 0.05% (14th percentile) indicates low observed exploitation probability, and no public exploit code exists at time of analysis.
Cross-Site Request Forgery (CSRF) in the Google News Editors Picks Feed Generator WordPress plugin (versions ≤2.1) enables attackers to chain exploitation into Stored XSS, allowing malicious scripts to persist in the site database and execute in administrator or user browsers. The attack requires tricking an authenticated administrator into visiting a malicious site or clicking a crafted link (UI:R). EPSS score is very low (0.05%, 14th percentile), indicating minimal real-world exploitation observed. No CISA KEV listing and no public POC identified at time of analysis.
Stored cross-site scripting (XSS) in Rankchecker.io Integration WordPress plugin versions up to 1.0.9 can be triggered via cross-site request forgery (CSRF), enabling attackers to inject malicious scripts into the application that execute in victims' browsers. While the CVSS base score is 7.1 (High), real-world risk is tempered by the required user interaction (UI:R) and low EPSS score (0.05%, 14th percentile), indicating minimal observed exploitation activity. No CISA KEV listing or public exploit code identified at time of analysis.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. [CVSS 6.8 MEDIUM]
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. [CVSS 6.8 MEDIUM]
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. [CVSS 6.7 MEDIUM]
Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests. [CVSS 6.7 MEDIUM]
in Fortinet FortiMail CLI version 7.6.0 versions up to 7.6.1 is affected by stack-based buffer overflow (CVSS 6.7).
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. [CVSS 6.6 MEDIUM]
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. [CVSS 6.6 MEDIUM]
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM]
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. [CVSS 6.5 MEDIUM]
An issue was discovered in Datalust Seq versions up to 2024.3.13545. is affected by allocation of resources without limits or throttling (CVSS 6.5).