containerd is an open-source container runtime. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
kgateway is a Cloud-Native API and AI Gateway. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
Dosage is a comic strip downloader and archiver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Manager-io/Manager is accounting software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in Red Hat Single Sign-On. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.