| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. |
| A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. |
| IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges. |
| IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS). |
| Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code |
| A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.4933 and later |
| n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py |
| The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed. |
| Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. |
| A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.3 will fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way. |
| Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. |
