The Greenshift animation and page builder plugin for WordPress (up to version 12.6) fails to properly validate user capabilities on the greenshift_app_pass_validation() function, allowing authenticated subscribers and above to extract sensitive plugin configuration including stored AI API keys and inject malicious scripts through the custom_css setting. This combination of information disclosure and stored cross-site scripting (XSS) requires only valid WordPress user credentials to exploit, with a partial patch available in version 12.6.
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. [CVSS 5.4 MEDIUM]
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. [CVSS 5.3 MEDIUM]
Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted HTML content (CVSS 5.3).
Authenticated users can modify arbitrary user profile and cover images in WordPress ProfileGrid plugin versions up to 5.9.7.2 due to missing authorization checks in the image upload AJAX handlers. Attackers with Subscriber-level access can exploit this to deface administrator accounts and other users' profiles. No patch is currently available for this integrity vulnerability.
IBM App Connect Enterprise Certified Container versions up to 12.19.0 is affected by untrusted search path (CVSS 5.1).
Tanium addressed an improper link resolution before file access vulnerability in Enforce. [CVSS 5.0 MEDIUM]
Arbitrary file read in ShortPixel Image Optimizer plugin for WordPress through path traversal in the loadLogFile AJAX action allows authenticated users with Editor-level privileges or higher to access sensitive server files including database credentials. The vulnerability exists in versions up to 6.4.2 due to insufficient path validation on the loadFile parameter, and no patch is currently available.
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]
Quick.Cart version 6.7 stores user passwords in plaintext, allowing authenticated administrators to retrieve plaintext credentials through the user editing interface. This vulnerability poses a significant risk in multi-administrator environments where high-privileged users may abuse account access. No patch is currently available, and other versions may be similarly affected though unconfirmed.
Open redirect in web2py 2.27.1 and earlier allows unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs, potentially facilitating phishing attacks. The vulnerability requires user interaction to exploit and affects the application's integrity with network-accessible attack vectors. No patch is currently available.
Improper access controls in Wekan's REST API endpoint (models/boards.js) prior to version 8.21 allow authenticated users to modify resources they should not have permission to access. The vulnerability requires valid credentials but no user interaction, making it exploitable by any authenticated attacker with network access. Administrators should upgrade to version 8.21 or later to remediate this issue.
Tanium addressed an uncontrolled resource consumption vulnerability in Connect. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Reputation. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Deploy. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]
The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. [CVSS 4.3 MEDIUM]
WeKan versions up to 8.20 contain an authorization bypass in the position history tracking functionality that allows authenticated remote attackers to access sensitive information without proper permissions. The vulnerability exists in the server/methods/positionHistory.js file and can be exploited by any user with login credentials. Upgrading to version 8.21 or later resolves this issue.
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. [CVSS 3.7 LOW]
Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).
Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]
Tanium addressed an improper input validation vulnerability in Tanium Appliance. [CVSS 2.7 LOW]
SQL injection in iomad's Company Admin Block component through version 5.0 allows remote attackers with high privileges to manipulate backend queries and gain unauthorized access to sensitive data. The vulnerability requires administrator credentials to exploit but enables attackers to read, modify, or delete database contents within the application's security context. No patch is currently available.
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'.
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.
user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field is affected by cross-site scripting (xss).