The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Zweb Social Mobile - Ứng Dụng Nút Gọi Mobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vithanhlam_zsocial_save_messager’, 'vithanhlam_zsocial_save_zalo',. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Contao is an Open Source CMS. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.
VictoriaMetrics is a scalable solution for monitoring and managing time series data. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.