A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
A vulnerability was found in macrozheng mall 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.
EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.
uv is a Python package and project manager written in Rust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.