Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions. [CVSS 6.1 MEDIUM]
V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. [CVSS 6.1 MEDIUM]
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. [CVSS 6.1 MEDIUM]
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]
Kirby CMS versions 5.0.0-5.2.1 fail to enforce permission checks in the content changes API, allowing authenticated users with restricted roles to modify site content despite having update permissions disabled. This affects only installations with custom permission configurations designed to prevent write access for specific user roles. A patch is available in version 5.2.2.
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. [CVSS 5.6 MEDIUM]
Ideagen DevonWay is vulnerable to stored cross-site scripting in the Reports page, allowing authenticated attackers to inject malicious scripts that execute when other users view affected reports. This vulnerability impacts all users with access to DevonWay reports and enables session hijacking, credential theft, or malware distribution. No patch is currently available; versions 2.62.4 and 2.62 LTS are noted as fixed versions.
Stored cross-site scripting in OPEXUS eCASE Audit enables authenticated users to inject malicious JavaScript through the "Estimated Staff Hours" comment field, which executes when other users access the Project Cost tab. This allows attackers with valid credentials to compromise other users' sessions and perform unauthorized actions within the application. No patch is currently available for this vulnerability.
Stored cross-site scripting in OPEXUS eCASE Audit's Project Setup functionality allows authenticated users to inject malicious JavaScript into the "A or SIC Number" field that executes in other users' browsers when they view the project. An attacker with valid credentials can exploit this to steal session tokens, perform unauthorized actions, or compromise data for all project viewers. No patch is currently available.
OPEXUS eCASE Audit's Document Check Out feature contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious JavaScript into comments, which executes in the browsers of other users viewing the Action History Log. This could enable attackers with valid credentials to steal session tokens, perform unauthorized actions, or compromise other users' accounts. No patch is currently available for affected installations.
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. [CVSS 5.5 MEDIUM]
Remote code execution in Ubiquiti airMAX and airFiber wireless products allows adjacent attackers to execute arbitrary code on affected devices via a flaw in the airMAX Wireless Protocol without requiring authentication. Vulnerable versions include airMAX AC 8.7.20 and earlier, airMAX M 6.3.22 and earlier, airFiber AF60-XG 1.2.2 and earlier, and airFiber AF60 2.6.7 and earlier. Patches are available for all affected products.
Improper access control in GA4WP: Google Analytics for WordPress versions up to 2.10.0 allows authenticated users to modify or disable analytics functionality through misconfigured permissions. An attacker with low-privilege WordPress access could leverage this vulnerability to manipulate analytics data or disrupt monitoring capabilities. The vulnerability carries a MEDIUM severity rating with no patch currently available.
Improper access control in the Bulk Landing Page Creator for WordPress (LPagery) plugin versions through 2.4.9 allows authenticated users to modify or delete landing pages without proper authorization checks. An attacker with low-privilege WordPress access could exploit this to tamper with site content or disrupt operations. No patch is currently available.
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11. [CVSS 5.4 MEDIUM]
Inadequate access control in IdeaBox Creations Dashboard Welcome for Beaver Builder (versions through 1.0.8) permits unauthorized users to modify data without proper authentication. An unauthenticated attacker can exploit misconfigured security levels to perform unauthorized actions over the network with no user interaction required. No patch is currently available to address this vulnerability.
The Hakob Re Gallery & Responsive Photo Gallery Plugin through version 1.17.18 contains an authorization bypass that permits unauthenticated attackers to modify gallery content due to improperly enforced access controls. This vulnerability affects all installations of the plugin and could allow attackers to alter or deface photo galleries without authentication. No patch is currently available.
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]
Keycloak's Authorization header parser improperly tolerates non-RFC 6750 compliant formatting, including tabs and case variations in Bearer token authentication. This lax validation could enable attackers to bypass authentication mechanisms or manipulate token validation logic in applications relying on strict Bearer token parsing. No patch is currently available for this medium-severity vulnerability.
Werkzeug versions prior to 3.1.5 fail to properly validate Windows reserved device names in the safe_join function, allowing attackers to bypass path restrictions by using device names with file extensions or trailing spaces (e.g., CON.txt, AUX ). This denial of service vulnerability affects Windows systems running vulnerable Werkzeug versions and could allow an unauthenticated remote attacker to access restricted files or cause application crashes. A patch is available in version 3.1.5 and later.
The RSA crate versions prior to 0.9.10 crash when constructing private keys with invalid prime components (such as 1), allowing an attacker to trigger a denial of service by providing malformed key material. This affects applications using the vulnerable RSA library for cryptographic operations. A patch is available in version 0.9.10 and later.
G5Theme Zorka versions up to 1.5.7 contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify data through incorrectly configured access controls. An attacker can exploit this to perform unauthorized state-changing operations without proper authentication or user interaction. No patch is currently available for this vulnerability.
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.
Docket Cache versions through 24.07.04 contain an access control bypass that allows authenticated users to perform unauthorized actions due to improper permission validation. An attacker with valid credentials can exploit this vulnerability to cause denial of service or access restricted functionality. No patch is currently available.
Wptexture Image Slider Slideshow versions through 1.8 contain an authorization bypass flaw that allows authenticated users to modify content by manipulating access control parameters. An attacker with user-level access could exploit incorrectly configured security controls to perform unauthorized actions beyond their assigned privileges. No patch is currently available for this vulnerability.
Baqend Speed Kit versions through 2.0.2 contain an authorization bypass that allows authenticated users to modify data by exploiting misconfigured access control levels. An attacker with valid credentials could escalate privileges to alter information they should not have permission to change. No patch is currently available.
The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. [CVSS 4.3 MEDIUM]
Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor is affected by missing authorization (CVSS 4.3).