A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Online Farm System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in the Linux kernel's ksmbd component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The BitFire Security - Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_*. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Magic Edge - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The All in One Time Clock Lite - Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP CTA - Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ShortPixel Adaptive Images - WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including,. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Files is a module for managing files inside spaces and user profiles. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity.
Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.