| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. |
| The duplicate-post plugin before 2.6 for WordPress has XSS. |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. |
| In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. |
| The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. |
