A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of th ...

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName ...

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects ...

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up ...

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient in ...

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated thr ...

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, ...

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, ...

The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficien ...

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is du ...

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is du ...

The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on ...

The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it ...

The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it poss ...

Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.3 ...

Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser

An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.

SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

reNgine 2.2.0 - Command Injection (Authenticated)

openSIS 9.1 - SQLi (Authenticated)

dizqueTV 1.5.3 - Remote Code Execution (RCE)

NoteMark < 0.13.0 - Stored XSS

Gitea 1.22.0 - Stored XSS

Invesalius3 - Remote Code Execution

Windows TCP/IP - RCE Checker and Denial of Service

Aurba 501 - Authenticated RCE

HughesNet HT2000W Satellite Modem - Password Reset

Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

Helpdeskz v2.0.2 - Stored XSS

Calibre-web 0.6.21 - Stored XSS

Devika v1 - Path Traversal via 'snapshot_path'

Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

Oracle Database 12c Release 1 - Unquoted Service Path