| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5324 | Hig | 0.50 | 8.8 | 0.02 | Jun 6, 2024 | Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level… | ||
| CVE-2024-5179 | Hig | 0.57 | 8.8 | 0.01 | Jun 6, 2024 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to… | ||
| CVE-2023-6968 | Hig | 0.46 | 8.1 | 0.00 | Jun 6, 2024 | The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and… | ||
| CVE-2023-6966 | Hig | 0.46 | 8.1 | 0.00 | Jun 6, 2024 | The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it… | ||
| CVE-2024-5653 | Hig | 0.47 | 7.3 | 0.01 | Jun 5, 2024 | A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated… | ||
| CVE-2024-36670 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del | ||
| CVE-2024-36669 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. | ||
| CVE-2024-36668 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del | ||
| CVE-2024-36667 | Hig | 0.57 | 8.8 | 0.00 | Jun 5, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close | ||
| CVE-2023-49928 | Hig | 0.49 | 7.5 | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband… | ||
| CVE-2024-5037 | Hig | 0.00 | 7.5 | 0.01 | Jun 5, 2024 | A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | ||
| CVE-2024-36129 | Hig | 0.46 | 8.2 | 0.01 | Jun 5, 2024 | The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version… | ||
| CVE-2024-20404 | Hig | 0.49 | 7.2 | 0.22 | Jun 5, 2024 | A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that… | ||
| CVE-2024-36837 | Hig | 0.49 | 7.5 | 0.08 | Jun 5, 2024 | SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | ||
| CVE-2024-5526 | Hig | 0.50 | 7.7 | 0.00 | Jun 5, 2024 | Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side… | ||
| CVE-2024-1662 | Hig | 0.49 | 7.5 | 0.00 | Jun 5, 2024 | Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02. | ||
| CVE-2024-4743 | Hig | 0.50 | 8.8 | 0.00 | Jun 5, 2024 | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and… | ||
| CVE-2024-1272 | Hig | 0.49 | 7.5 | 0.00 | Jun 5, 2024 | Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1. | ||
| CVE-2024-3667 | Hig | 0.48 | 7.4 | 0.00 | Jun 5, 2024 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2024-2087 | Hig | 0.47 | 7.2 | 0.00 | Jun 5, 2024 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-1940 | Hig | 0.46 | 7.1 | 0.00 | Jun 5, 2024 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it… | ||
| CVE-2024-4084 | Hig | 0.49 | 7.5 | 0.00 | Jun 5, 2024 | A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses… | ||
| CVE-2022-28657 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2024 | Apport does not disable python crash handler before entering chroot | ||
| CVE-2022-28655 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | is_closing_session() allows users to create arbitrary tcp dbus connections | ||
| CVE-2024-34363 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2024 | Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. | ||
| CVE-2024-32976 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2024 | Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. | ||
| CVE-2024-4520 | Hig | 0.00 | 7.5 | 0.01 | Jun 4, 2024 | An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the… | ||
| CVE-2024-36857 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2024 | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. | |
| CVE-2024-35672 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2024 | Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19. | ||
| CVE-2024-25095 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2024 | Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | ||
| CVE-2024-36550 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2024 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close | ||
| CVE-2024-36549 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close | ||
| CVE-2024-36548 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2024 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del | ||
| CVE-2024-36547 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2024 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add | ||
| CVE-2024-35652 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1. | ||
| CVE-2024-32871 | Hig | 0.42 | 7.5 | 0.01 | Jun 4, 2024 | Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in… | ||
| CVE-2024-29004 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | ||
| CVE-2024-28996 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2024 | The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | ||
| CVE-2024-35668 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by… | ||
| CVE-2024-35664 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through <= 0.9.32. | ||
| CVE-2024-34554 | Hig | 0.55 | 8.5 | 0.01 | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through 2.4.1. | ||
| CVE-2024-34552 | Hig | 0.55 | 8.5 | 0.01 | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6. | ||
| CVE-2024-33628 | Hig | 0.57 | 8.8 | 0.01 | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2. | ||
| CVE-2024-33568 | Hig | 0.55 | 8.5 | 0.01 | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3. | ||
| CVE-2024-36800 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2024 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | ||
| CVE-2024-33557 | Hig | 0.55 | 8.5 | 0.01 | Jun 4, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8. | ||
| CVE-2024-29170 | Hig | 0.53 | 8.1 | 0.00 | Jun 4, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service. | ||
| CVE-2024-4254 | Hig | 0.46 | 7.1 | 0.00 | Jun 4, 2024 | The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which… | ||
| CVE-2024-37065 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded. | ||
| CVE-2024-37064 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2024 | Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded. |
- risk 0.50cvss 8.8epss 0.02
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level…
- risk 0.57cvss 8.8epss 0.01
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to…
- risk 0.46cvss 8.1epss 0.00
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and…
- risk 0.46cvss 8.1epss 0.00
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it…
- risk 0.47cvss 7.3epss 0.01
A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated…
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…
- risk 0.00cvss 7.5epss 0.01
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
- risk 0.46cvss 8.2epss 0.01
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version…
- risk 0.49cvss 7.2epss 0.22
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that…
- risk 0.49cvss 7.5epss 0.08
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
- risk 0.50cvss 7.7epss 0.00
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side…
- risk 0.49cvss 7.5epss 0.00
Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02.
- risk 0.50cvss 8.8epss 0.00
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and…
- risk 0.49cvss 7.5epss 0.00
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1.
- risk 0.48cvss 7.4epss 0.00
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- risk 0.47cvss 7.2epss 0.00
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
- risk 0.46cvss 7.1epss 0.00
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it…
- risk 0.49cvss 7.5epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses…
- risk 0.51cvss 7.8epss 0.00
Apport does not disable python crash handler before entering chroot
- risk 0.46cvss 7.1epss 0.00
is_closing_session() allows users to create arbitrary tcp dbus connections
- risk 0.49cvss 7.5epss 0.01
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
- risk 0.49cvss 7.5epss 0.01
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
- risk 0.00cvss 7.5epss 0.01
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the…
- risk 0.49cvss 7.5epss 0.02
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.
- risk 0.57cvss 8.8epss 0.00
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
- risk 0.57cvss 8.8epss 0.00
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
- risk 0.57cvss 8.8epss 0.00
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.
- risk 0.42cvss 7.5epss 0.01
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in…
- risk 0.46cvss 7.1epss 0.00
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
- risk 0.49cvss 7.5epss 0.00
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through <= 0.9.32.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through 2.4.1.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.
- risk 0.57cvss 8.8epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3.
- risk 0.49cvss 7.5epss 0.01
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.
- risk 0.55cvss 8.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8.
- risk 0.53cvss 8.1epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.
- risk 0.46cvss 7.1epss 0.00
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which…
- risk 0.51cvss 7.8epss 0.00
Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.
- risk 0.51cvss 7.8epss 0.00
Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.