| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication. |
| Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2. |
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1. |
| Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7. |
| Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3. |
| Use of Hard-coded Credentials vulnerability in Avantra allows Accessing
Functionality Not Properly Constrained by ACLs. This issue affects
Avantra: before 25.3.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194. |
| Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8. |
| Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36. |
| ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources. |
| Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls. |
| Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5. |
| Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0. |
