| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing. |
| The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughts_ace_update_options' AJAX action. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'sil_rss_edit_page' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible. |
| The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. |
| The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file() on client‐supplied files without restricting allowed extensions or MIME types, nor sanitizing the filename. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. |
| A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. |
| In the Linux kernel, the following vulnerability has been resolved:
i40e: fix validation of VF state in get resources
VF state I40E_VF_STATE_ACTIVE is not the only state in which
VF is actually active so it should not be used to determine
if a VF is allowed to obtain resources.
Use I40E_VF_STATE_RESOURCES_LOADED that is set only in
i40e_vc_get_vf_resources_msg() and cleared during reset. |
| A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function's authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files. |
| Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.
|
| The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
| Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
| Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. |
| Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. |
| A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. |
| CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information. |
| WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
