| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. |
| Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0. |
| Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7. |
| Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9. |
| Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS.This issue affects Cooked: from n/a through 1.11.2. |
| Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands. |
| STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site. |
| Missing Authorization vulnerability in merkulove Headinger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through 1.1.4. |
| Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through 3.1.3. |
| Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill allows Reflected XSS.This issue affects custom-post-edit: from n/a through 1.0.4. |
| BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. |
| BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. |
| A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. |
| File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell. |
| Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file. |
| A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue. |
