Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arbitrary shortcode execution in ProfilePress plugin for WordPress (all versions up to 4.16.11) allows unauthenticated attackers to execute arbitrary shortcodes by injecting malicious code into billing field values during checkout, potentially leading to information disclosure or content manipulation. The vulnerability stems from insufficient sanitization of user-supplied input before shortcode processing. Wordfence has documented this issue with a CVSS score of 6.5 and no confirmed active exploitation at time of analysis.
Directus GraphQL endpoints fail to deduplicate resolver invocations within single requests, allowing authenticated users to exploit GraphQL aliasing for denial-of-service attacks. An attacker with minimal read-only permissions can repeat expensive relational queries using multiple aliases in a single request, forcing concurrent execution of numerous complex database queries that exhaust connection pools and server resources, potentially degrading or crashing the service. No public exploit code has been identified, and this vulnerability requires prior authentication to the Directus instance.
Unauthenticated attackers can modify registration form status in Pie Register plugin for WordPress versions up to 3.8.4.8 due to a missing capability check in the pie_main() function. The vulnerability allows unauthorized changes to critical registration settings without authentication, impacting the integrity of user registration workflows. CVSS 6.5 reflects moderate severity with both confidentiality and availability impact; no public exploit code or active exploitation has been confirmed at this time.
Stored cross-site scripting (XSS) in WPFunnels - Easy Funnel Builder plugin for WordPress versions up to 3.7.9 allows authenticated contributors and higher-privileged users to inject arbitrary JavaScript via the 'button_icon' parameter in the 'wpf_optin_form' shortcode due to insufficient input sanitization and output escaping. The injected scripts execute in the context of any user viewing the affected page, potentially compromising website visitors and enabling session hijacking, credential theft, or malware distribution. This vulnerability requires authenticated attacker access but affects all site visitors who view injected pages.
Stored Cross-Site Scripting in WP Travel Engine plugin versions up to 6.7.5 allows authenticated contributors and above to inject malicious scripts via the 'wte_trip_tax' shortcode due to insufficient input sanitization and output escaping. When site visitors access pages containing the injected payload, the arbitrary JavaScript executes in their browsers, enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.
Stored Cross-Site Scripting (XSS) in Xpro Addons - 140+ Widgets for Elementor plugin for WordPress up to version 1.4.24 allows authenticated contributors and above to inject malicious scripts via the Icon Box widget that execute for all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping, making it a direct code injection risk in a widely-used page builder extension. CVSS 6.4 reflects moderate severity with limited direct impact (confidentiality and integrity) but cross-site scope; no public exploit code or active exploitation has been identified at time of analysis.
Stored Cross-Site Scripting in Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin versions up to 3.4.6 allows authenticated attackers with contributor-level access or higher to inject arbitrary JavaScript via the 'imageLoad' parameter, resulting in persistent script execution in pages viewed by other users. CVSS 6.4 reflects medium severity with cross-site scope; no public exploit code or active exploitation has been identified at the time of analysis, but the vulnerability requires only low privileges and no user interaction beyond initial page access.
Stored Cross-Site Scripting in Xpro Addons - 140+ Widgets for Elementor plugin up to version 1.4.20 allows authenticated contributors and above to inject malicious scripts via the Pricing Widget's 'onClick Event' setting, which execute in the browsers of any user viewing the affected pages. The vulnerability stems from insufficient input sanitization and output escaping, enabling persistent XSS attacks that compromise site integrity and user sessions. No active exploitation has been confirmed, but the low attack complexity and contributor-level access requirement present a moderate real-world risk for WordPress sites with contributor user bases.
Stored Cross-Site Scripting (XSS) in Simple Shopping Cart WordPress plugin versions up to 5.2.4 allows authenticated contributors and above to inject arbitrary JavaScript via the 'wpsc_display_product' shortcode attributes due to insufficient input sanitization and output escaping. Injected scripts execute in the browsers of all users viewing affected pages. No public exploit code or active exploitation has been reported at time of analysis.
Stored Cross-Site Scripting (XSS) in WP Shortcodes Plugin - Shortcodes Ultimate up to version 7.4.7 allows authenticated contributors and above to inject arbitrary JavaScript via the 'src' attribute of the su_lightbox shortcode, which executes in the browsers of all users viewing the affected page. The vulnerability stems from insufficient input sanitization and output escaping, requiring only contributor-level access to exploit. No public exploit code or active exploitation has been confirmed at time of analysis.
Stored Cross-Site Scripting in WP Shortcodes Plugin - Shortcodes Ultimate up to version 7.4.8 allows authenticated attackers with author-level permissions to inject arbitrary JavaScript into pages via the su_carousel shortcode's 'su_slide_link' attachment meta field. The vulnerability stems from insufficient input sanitization and output escaping, enabling malicious scripts to execute when any user visits an affected page. No public exploit code or active exploitation has been identified at the time of analysis.
Stored Cross-Site Scripting in ElementsKit Elementor Addons and Templates plugin (versions up to 3.7.9) allows authenticated contributors and above to inject malicious scripts via the 'ekit_tab_title' parameter in the Simple Tab widget due to insufficient input sanitization and output escaping. Injected scripts execute when users access affected pages. No public exploit code or active exploitation has been identified at time of analysis.
Stored Cross-Site Scripting (XSS) in Royal Addons for Elementor plugin allows authenticated contributors and above to inject arbitrary JavaScript via the 'button_text' parameter, affecting all versions through 1.7.1049. The vulnerability stems from insufficient input sanitization and output escaping, enabling attackers to execute malicious scripts in the context of any user visiting an affected page. No public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in Ultimate Member plugin versions up to 2.11.1 allows authenticated subscribers and above to inject arbitrary JavaScript via the user description field when HTML support is enabled, executing malicious scripts in pages viewed by other users. The vulnerability requires prior authentication and user interaction but affects site visitors broadly once injected. Wordfence reported the issue; a fix is available in patched versions.
Open redirect vulnerability in Directus login redirection logic allows unauthenticated attackers to bypass URL allow-list validation through malformed URLs containing backslashes, silently redirecting authenticated users to arbitrary external domains. The vulnerability exploits a parser differential between server-side validation and browser URL normalization, creating a phishing vector particularly dangerous in SSO/OAuth2 flows where attackers can capture authentication tokens without visible user indication. CVSS 6.1 reflects moderate real-world risk due to user interaction requirement and limited direct confidentiality impact, but the attack chain (authentication + silent redirect + credential theft) presents meaningful business risk.
Improper access controls in Tenda 4G03 Pro firmware (versions up to 04.03.01.53) enable unauthenticated remote attackers to bypass authentication mechanisms via the /bin/httpd binary, potentially achieving unauthorized administrative access to the router. This vulnerability has publicly available exploit code and affects consumer-grade 4G routers commonly used for home and small office networks. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and public exploit elevates real-world risk.
Tenda 4G03 Pro wireless router contains a hard-coded ECDSA P-256 private cryptographic key in the /etc/www/pem/server.key file, enabling remote attackers to decrypt HTTPS communications and potentially impersonate the device without authentication. The vulnerability affects firmware versions 1.0, 1.0re, 01.bin, and 04.03.01.53, and carries a CVSS score of 5.3 with proof-of-concept exploitation likely (E:P rating). No public exploit code has been independently confirmed at the time of this analysis.
Unauthenticated arbitrary media upload in Listeo Core plugin for WordPress (versions up to 2.0.27) allows remote attackers to upload arbitrary files to the site's media library via the unprotected listeo_core_handle_dropped_media AJAX endpoint. The vulnerability stems from missing authorization checks and does not directly enable code execution, but significantly degrades site integrity by enabling malicious file storage and potential downstream attacks.
Directus allows information disclosure of GraphQL schema structure via the `/graphql/system` endpoint when `GRAPHQL_INTROSPECTION=false` is configured, exposing collection names, field names, types, and relationships to unauthenticated users and authenticated users at their permission level. The vulnerability bypasses the introspection control mechanism by returning an equivalent SDL (Schema Definition Language) representation through the `server_specs_graphql` resolver, giving administrators a false sense of security while schema information remains publicly accessible.
Unauthenticated information disclosure in AVideo CloneSite plugin allows remote attackers to retrieve sensitive operational logs containing internal filesystem paths, remote server URLs, and SSH connection metadata via the client.log.php endpoint, which lacks authentication controls present in all sibling endpoints within the same plugin directory.
Unauthenticated access to FFmpeg server configuration endpoint in AVideo allows remote attackers to probe infrastructure details and determine encoding architecture without authentication, while sibling management endpoints properly enforce admin-only access. This information disclosure aids reconnaissance for targeted attacks against video encoding infrastructure. CVSS 5.3, no public exploit code identified, no active exploitation confirmed.
AVideo install/test.php diagnostic script exposes sensitive viewer statistics including IP addresses, session IDs, and user agents to unauthenticated remote attackers due to a disabled CLI-only access guard. The vulnerability allows any visitor to retrieve video viewer data via HTTP GET requests without authentication, combined with enabled error reporting that leaks internal filesystem paths. CVSS 5.3 reflects low confidentiality impact; no public exploit code identified at time of analysis.
Open redirect vulnerability in Directus allows unauthenticated attackers to redirect administrators to attacker-controlled URLs after 2FA setup completion via crafted `/admin/tfa-setup` redirect parameter. The attack leverages user interaction on the trusted Directus domain before redirecting to a malicious site, enabling phishing campaigns targeting administrators. CVSS 4.3 (low severity), no public exploit code or active exploitation confirmed.
Kadence Blocks Page Builder Toolkit for Gutenberg Editor plugin for WordPress allows authenticated contributors to bypass authorization checks and upload arbitrary images to the Media Library via the process_pattern REST API endpoint. An attacker with contributor-level access or higher can supply remote image URLs that the server downloads and converts into media attachments, exploiting missing capability verification for the upload_files action. No public exploit code or active exploitation has been reported at time of analysis.