The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
gosnowflake is the Snowflake Golang driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
DIFY is an open-source LLM app development platform. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.