| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12943 | Hig | 0.53 | 8.1 | 0.01 | Sep 10, 2019 | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | ||
| CVE-2019-11669 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | ||
| CVE-2019-11668 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service… | ||
| CVE-2019-11497 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the… | ||
| CVE-2019-11467 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service… | ||
| CVE-2019-12105 | Hig | 0.00 | 8.2 | 0.02 | Sep 10, 2019 | In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning… | ||
| CVE-2019-0365 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6,… | ||
| CVE-2019-0363 | Hig | 0.46 | 7.1 | 0.01 | Sep 10, 2019 | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | ||
| CVE-2019-0355 | Hig | 0.47 | 7.2 | 0.02 | Sep 10, 2019 | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the… | ||
| CVE-2019-0352 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. | ||
| CVE-2019-16106 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2019 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | ||
| CVE-2019-12401 | Hig | 0.49 | 7.5 | 0.08 | Sep 10, 2019 | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the… | ||
| CVE-2017-18607 | Hig | 0.57 | 8.8 | 0.01 | Sep 10, 2019 | The avada theme before 5.1.5 for WordPress has CSRF. | ||
| CVE-2017-18604 | Hig | 0.49 | 7.5 | 0.02 | Sep 10, 2019 | The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | ||
| CVE-2017-18602 | Hig | 0.57 | 8.8 | 0.02 | Sep 10, 2019 | The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | ||
| CVE-2017-18597 | Hig | 0.57 | 8.8 | 0.02 | Sep 10, 2019 | The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. | ||
| CVE-2017-18596 | Hig | 0.57 | 8.8 | 0.01 | Sep 10, 2019 | The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. | ||
| CVE-2019-16187 | Hig | 0.42 | 7.5 | 0.01 | Sep 9, 2019 | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | ||
| CVE-2019-16186 | Hig | 0.40 | 7.2 | 0.01 | Sep 9, 2019 | In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | ||
| CVE-2019-16185 | Hig | 0.40 | 7.2 | 0.01 | Sep 9, 2019 | In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | ||
| CVE-2019-16177 | Hig | 0.42 | 7.5 | 0.01 | Sep 9, 2019 | In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | ||
| CVE-2019-16174 | Hig | 0.50 | 8.8 | 0.02 | Sep 9, 2019 | An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | ||
| CVE-2019-6793 | Hig | 0.39 | 7.0 | 0.04 | Sep 9, 2019 | An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | ||
| CVE-2019-6788 | Hig | 0.42 | 7.5 | 0.04 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert… | ||
| CVE-2019-6783 | Hig | 0.51 | 8.8 | 0.05 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | ||
| CVE-2019-6782 | Hig | 0.42 | 7.5 | 0.02 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. | ||
| CVE-2019-11605 | Hig | 0.49 | 7.5 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped… | ||
| CVE-2019-5473 | Hig | 0.47 | 7.2 | 0.02 | Sep 9, 2019 | An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | ||
| CVE-2019-16163 | Hig | 0.42 | 7.5 | 0.03 | Sep 9, 2019 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | ||
| CVE-2019-16162 | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2019 | Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. | ||
| CVE-2019-16161 | Hig | 0.42 | 7.5 | 0.02 | Sep 9, 2019 | Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | ||
| CVE-2019-16159 | Hig | 0.49 | 7.5 | 0.03 | Sep 9, 2019 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message.… | ||
| CVE-2019-12465 | — | Hig | 0.53 | 8.1 | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | |
| CVE-2019-12464 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2019 | An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | |
| CVE-2019-12463 | — | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with… | |
| CVE-2019-10671 | — | Hig | 0.57 | 8.8 | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php… | |
| CVE-2019-15895 | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2019 | search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | ||
| CVE-2019-15639 | Hig | 0.51 | 7.5 | 0.22 | Sep 9, 2019 | main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. | ||
| CVE-2019-10669 | Hig | 0.56 | 7.2 | 0.81 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to… | ||
| CVE-2019-10666 | Hig | 0.53 | 8.1 | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP… | ||
| CVE-2018-21011 | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2019 | The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | ||
| CVE-2019-16144 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2019 | An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | |
| CVE-2019-16141 | — | Hig | 0.42 | 7.5 | 0.02 | Sep 9, 2019 | An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | |
| CVE-2019-16137 | — | Hig | 0.00 | 7.5 | 0.01 | Sep 9, 2019 | An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | |
| CVE-2019-16131 | Hig | 0.58 | 8.8 | 0.07 | Sep 9, 2019 | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | ||
| CVE-2019-16123 | Hig | 0.50 | 7.5 | 0.16 | Sep 9, 2019 | In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | ||
| CVE-2019-16120 | Hig | 0.57 | 8.8 | 0.03 | Sep 8, 2019 | CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | ||
| CVE-2019-16115 | Hig | 0.51 | 7.8 | 0.01 | Sep 8, 2019 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted… | ||
| CVE-2019-16113 | Hig | 0.66 | 8.8 | 0.78 | Sep 8, 2019 | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | ||
| CVE-2019-16103 | Hig | 0.47 | 7.2 | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. |
- risk 0.53cvss 8.1epss 0.01
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.
- risk 0.49cvss 7.5epss 0.01
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
- risk 0.49cvss 7.5epss 0.01
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service…
- risk 0.49cvss 7.5epss 0.01
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the…
- risk 0.49cvss 7.5epss 0.01
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service…
- risk 0.00cvss 8.2epss 0.02
In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning…
- risk 0.49cvss 7.5epss 0.01
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6,…
- risk 0.46cvss 7.1epss 0.01
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
- risk 0.47cvss 7.2epss 0.02
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the…
- risk 0.49cvss 7.5epss 0.01
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
- risk 0.49cvss 7.5epss 0.01
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields.
- risk 0.49cvss 7.5epss 0.08
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the…
- risk 0.57cvss 8.8epss 0.01
The avada theme before 5.1.5 for WordPress has CSRF.
- risk 0.49cvss 7.5epss 0.02
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
- risk 0.57cvss 8.8epss 0.02
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
- risk 0.57cvss 8.8epss 0.02
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
- risk 0.57cvss 8.8epss 0.01
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
- risk 0.42cvss 7.5epss 0.01
Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script.
- risk 0.40cvss 7.2epss 0.01
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.
- risk 0.40cvss 7.2epss 0.01
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
- risk 0.42cvss 7.5epss 0.01
In Limesurvey before 3.17.14, the entire database is exposed through browser caching.
- risk 0.50cvss 8.8epss 0.02
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
- risk 0.39cvss 7.0epss 0.04
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
- risk 0.42cvss 7.5epss 0.04
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert…
- risk 0.51cvss 8.8epss 0.05
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped…
- risk 0.47cvss 7.2epss 0.02
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
- risk 0.42cvss 7.5epss 0.03
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
- risk 0.49cvss 7.5epss 0.02
Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c.
- risk 0.42cvss 7.5epss 0.02
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
- risk 0.49cvss 7.5epss 0.03
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message.…
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php…
- risk 0.49cvss 7.5epss 0.02
search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes.
- risk 0.51cvss 7.5epss 0.22
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
- risk 0.56cvss 7.2epss 0.81
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to…
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP…
- risk 0.49cvss 7.5epss 0.02
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
- risk 0.42cvss 7.5epss 0.02
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.
- risk 0.00cvss 7.5epss 0.01
An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.
- risk 0.58cvss 8.8epss 0.07
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
- risk 0.50cvss 7.5epss 0.16
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
- risk 0.57cvss 8.8epss 0.03
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
- risk 0.51cvss 7.8epss 0.01
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted…
- risk 0.66cvss 8.8epss 0.78
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
- risk 0.47cvss 7.2epss 0.02
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.