Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion.1.0.82. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion.6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Untrusted data deserialization vulnerability exists in a-blog cms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder allows PHP Local File Inclusion.1.18. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
This issue was addressed with improved data access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels.0.87.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A permissions issue was addressed by removing vulnerable code and adding additional checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS.0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms allows Stored XSS.6.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.0.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery.1.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS.0.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery allows Stored XSS.3.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
gifplayer is a customizable jquery plugin to play and stop animated gifs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.0.0 before 1.24.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.0.0 before 1.10.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.0.0 before 4.1.3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.0.0 before 1.0.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in Drupal Drupal Admin LTE theme.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server.0.8. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in Drupal Flattern - Multipurpose Bootstrap Business Profile.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Vulnerability in Drupal Material Admin.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A script imports issue was addressed with improved isolation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LABCAT Processing Projects allows DOM-Based XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.