| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1937 | Hig | 0.39 | 7.1 | 0.00 | Jul 16, 2024 | The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor… | ||
| CVE-2023-52290 | Hig | 0.46 | 8.1 | 0.01 | Jul 16, 2024 | In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL… | ||
| CVE-2024-40631 | Hig | 0.46 | 8.1 | 0.01 | Jul 15, 2024 | Plate media is an open source, rich-text editor for React. Editors that use `MediaEmbedElement` and pass custom `urlParsers` to the `useMediaState` hook may be vulnerable to XSS if a custom parser allows `javascript:`, `data:` or `vbscript:` URLs to be embedded. Editors that do… | ||
| CVE-2024-36438 | Hig | 0.47 | 7.3 | 0.00 | Jul 15, 2024 | eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. | ||
| CVE-2024-36434 | Hig | 0.49 | 7.5 | 0.00 | Jul 15, 2024 | An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. | ||
| CVE-2024-36433 | Hig | 0.49 | 7.5 | 0.00 | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. | ||
| CVE-2024-36432 | Hig | 0.49 | 7.5 | 0.00 | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. | ||
| CVE-2024-27240 | Hig | 0.46 | 7.1 | 0.00 | Jul 15, 2024 | Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. | ||
| CVE-2024-27238 | Hig | 0.46 | 7.1 | 0.00 | Jul 15, 2024 | Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. | ||
| CVE-2024-40560 | Hig | 0.47 | 7.3 | 0.00 | Jul 15, 2024 | Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. | ||
| CVE-2024-40554 | Hig | 0.49 | 7.5 | 0.00 | Jul 15, 2024 | An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. | ||
| CVE-2024-6689 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2024 | Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM. | ||
| CVE-2024-38494 | Hig | 0.56 | — | 0.01 | Jul 15, 2024 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||
| CVE-2024-38491 | — | Hig | 0.55 | — | 0.00 | Jul 15, 2024 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | |
| CVE-2024-5402 | Hig | 0.51 | 7.8 | 0.00 | Jul 15, 2024 | Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I… | ||
| CVE-2024-6745 | Hig | 0.48 | 7.3 | 0.01 | Jul 15, 2024 | A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to… | ||
| CVE-2023-49566 | — | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2024 | In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack… | |
| CVE-2023-46801 | — | Hig | 0.50 | 8.8 | 0.01 | Jul 15, 2024 | In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute… | |
| CVE-2024-6075 | Hig | 0.57 | 8.8 | 0.00 | Jul 15, 2024 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||
| CVE-2024-5630 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2024 | The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | ||
| CVE-2024-21513 | Hig | 0.48 | 8.5 | 0.02 | Jul 15, 2024 | Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary… | ||
| CVE-2024-6737 | Hig | 0.57 | 8.8 | 0.01 | Jul 15, 2024 | The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account. | ||
| CVE-2024-6345 | Hig | 0.50 | 8.8 | 0.02 | Jul 15, 2024 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are… | ||
| CVE-2023-52885 | Hig | 0.51 | 7.8 | 0.00 | Jul 14, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed… | ||
| CVE-2024-5715 | Hig | 0.46 | 7.1 | 0.00 | Jul 13, 2024 | The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||
| CVE-2024-5472 | Hig | 0.46 | 7.1 | 0.00 | Jul 13, 2024 | The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | ||
| CVE-2024-5287 | Hig | 0.46 | 7.1 | 0.00 | Jul 13, 2024 | The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack | ||
| CVE-2024-5167 | Hig | 0.53 | 8.1 | 0.00 | Jul 13, 2024 | The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist… | ||
| CVE-2024-5151 | Hig | 0.46 | 7.1 | 0.00 | Jul 13, 2024 | The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
| CVE-2024-5080 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2024 | The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server | ||
| CVE-2024-5076 | Hig | 0.57 | 8.8 | 0.00 | Jul 13, 2024 | The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||
| CVE-2024-5034 | Hig | 0.57 | 8.8 | 0.00 | Jul 13, 2024 | The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||
| CVE-2024-30213 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. | ||
| CVE-2024-5902 | Hig | 0.47 | 7.2 | 0.00 | Jul 12, 2024 | The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output… | ||
| CVE-2024-40552 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | ||
| CVE-2024-40551 | Hig | 0.57 | 8.8 | 0.00 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40550 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40549 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40548 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40546 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40545 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2024-40544 | Hig | 0.57 | 8.8 | 0.00 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. | ||
| CVE-2024-40543 | Hig | 0.57 | 8.8 | 0.00 | Jul 12, 2024 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. | ||
| CVE-2024-40522 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute… | ||
| CVE-2024-40521 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers… | ||
| CVE-2024-40520 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the… | ||
| CVE-2024-40519 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary… | ||
| CVE-2024-40518 | Hig | 0.57 | 8.8 | 0.01 | Jul 12, 2024 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary… | ||
| CVE-2024-39917 | Hig | 0.40 | 7.2 | 0.01 | Jul 12, 2024 | xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in… | ||
| CVE-2024-38735 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.9.5. |
- risk 0.39cvss 7.1epss 0.00
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor…
- risk 0.46cvss 8.1epss 0.01
In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL…
- risk 0.46cvss 8.1epss 0.01
Plate media is an open source, rich-text editor for React. Editors that use `MediaEmbedElement` and pass custom `urlParsers` to the `useMediaState` hook may be vulnerable to XSS if a custom parser allows `javascript:`, `data:` or `vbscript:` URLs to be embedded. Editors that do…
- risk 0.47cvss 7.3epss 0.00
eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.
- risk 0.49cvss 7.5epss 0.00
An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.
- risk 0.49cvss 7.5epss 0.00
An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4.
- risk 0.49cvss 7.5epss 0.00
An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4.
- risk 0.46cvss 7.1epss 0.00
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
- risk 0.46cvss 7.1epss 0.00
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.
- risk 0.47cvss 7.3epss 0.00
Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.
- risk 0.49cvss 7.5epss 0.00
An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information.
- risk 0.51cvss 7.8epss 0.00
Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
- risk 0.56cvss —epss 0.01
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
- risk 0.55cvss —epss 0.00
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.
- risk 0.51cvss 7.8epss 0.00
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I…
- risk 0.48cvss 7.3epss 0.01
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to…
- risk 0.57cvss 8.8epss 0.01
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack…
- risk 0.50cvss 8.8epss 0.01
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute…
- risk 0.57cvss 8.8epss 0.00
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- risk 0.57cvss 8.8epss 0.01
The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
- risk 0.48cvss 8.5epss 0.02
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary…
- risk 0.57cvss 8.8epss 0.01
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
- risk 0.50cvss 8.8epss 0.02
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed…
- risk 0.46cvss 7.1epss 0.00
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- risk 0.46cvss 7.1epss 0.00
The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- risk 0.46cvss 7.1epss 0.00
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack
- risk 0.53cvss 8.1epss 0.00
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist…
- risk 0.46cvss 7.1epss 0.00
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- risk 0.57cvss 8.8epss 0.01
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server
- risk 0.57cvss 8.8epss 0.00
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- risk 0.57cvss 8.8epss 0.00
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- risk 0.57cvss 8.8epss 0.01
StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution.
- risk 0.47cvss 7.2epss 0.00
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output…
- risk 0.57cvss 8.8epss 0.01
PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
- risk 0.57cvss 8.8epss 0.00
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.01
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.01
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.01
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.01
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.01
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.57cvss 8.8epss 0.00
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
- risk 0.57cvss 8.8epss 0.00
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
- risk 0.57cvss 8.8epss 0.01
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute…
- risk 0.57cvss 8.8epss 0.01
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers…
- risk 0.57cvss 8.8epss 0.01
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the…
- risk 0.57cvss 8.8epss 0.01
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary…
- risk 0.57cvss 8.8epss 0.01
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary…
- risk 0.40cvss 7.2epss 0.01
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in…
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.9.5.