* Security Vulnerabilities


CVE-2024-34368

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager. This issue affects Mooberry Book Manager: from n/a through...

5.3 CVSS | 7.3 AI Score | 0.0004 EPSS

2024-05-06 07:15 PM
24

CVE-2024-34371

Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number. This issue affects Login with phone number: from n/a through...

4.3 CVSS | 7.4 AI Score | 0.0004 EPSS

2024-05-06 07:15 PM
21

CVE-2024-34369

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through...

7.1 CVSS | 7.4 AI Score | 0.0004 EPSS

2024-05-06 07:15 PM
21

CVE-2024-34366

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through...

5.9 CVSS | 7.2 AI Score | 0.0004 EPSS

2024-05-06 07:15 PM
21

CVE-2024-33910

Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through...

5.3 CVSS | 7.4 AI Score | 0.0004 EPSS

2024-05-06 07:15 PM
21

CVE-2024-34388

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance. This issue affects GDPR Compliance: from n/a through...

7.5 CVSS | 7.3 AI Score | 0.0004 EPSS

2024-05-06 06:15 PM
26

CVE-2024-34382

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through...

5.3 CVSS | 7.3 AI Score | 0.0004 EPSS

2024-05-06 06:15 PM
22

CVE-2024-32807

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce. This issue affects Sendinblue for WooCommerce: from n/a through...

8.5 CVSS | 9.3 AI Score | 0.0004 EPSS

2024-05-06 06:15 PM
25

CVE-2024-34383

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through...

7.4 AI Score | 0.0004 EPSS

2024-05-06 05:54 PM
30

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem.....

6.1 CVSS | 6.5 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
25

CVE-2024-34069

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and....

7.5 CVSS | 7.1 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
59

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys (...

5.4 CVSS | 6.2 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
33

CVE-2024-32972

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15....

7.5 CVSS | 6.8 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
25

CVE-2024-32982

Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal...

8.2 CVSS | 6.1 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
24

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...

8.4 CVSS | 7.6 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
23

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

7.5 CVSS | 7.4 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
22

CVE-2024-23354

Memory corruption when the IOCTL call is interrupted by a...

8.4 CVSS | 7.6 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
23

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further...

7.8 CVSS | 7.6 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
23

CVE-2024-21480

Memory corruption while playing audio file having large-sized input...

7.3 CVSS | 7.6 AI Score | 0.0005 EPSS

2024-05-06 03:15 PM
22

CVE-2023-43530

Memory corruption in HLOS while checking for the storage...

5.9 CVSS | 7.7 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
22

CVE-2024-21474

Memory corruption when size of buffer from previous call is used without validation or...

8.4 CVSS | 7.8 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
22

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol...

7.8 CVSS | 7.7 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
24

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are...

8.4 CVSS | 7.6 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
21

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in...

8.4 CVSS | 7.8 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
21

CVE-2023-43527

Information disclosure while parsing dts header atom in...

6.8 CVSS | 7.3 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
21

CVE-2023-43524

Memory corruption when the bandpass filter order received from AHAL is not within the expected...

6.7 CVSS | 7.6 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
22

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...

6.1 CVSS | 7.2 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
21

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...

7.5 CVSS | 7.4 AI Score | 0.0005 EPSS

2024-05-06 03:15 PM
21

CVE-2023-43525

Memory corruption while copying the sound model data from user to kernel buffer during sound model...

6.7 CVSS | 7.6 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
21

CVE-2023-43526

Memory corruption while querying module parameters from Listen Sound model client in kernel from user...

6.7 CVSS | 7.5 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
22

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...

8.4 CVSS | 7.6 AI Score | 0.001 EPSS

2024-05-06 03:15 PM
22

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file...

6.7 CVSS | 7.7 AI Score | 0.0004 EPSS

2024-05-06 03:15 PM
23

CVE-2024-4549

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the...

7.5 CVSS | 7.2 AI Score | 0.0004 EPSS

2024-05-06 02:15 PM
24

CVE-2024-4547

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth...

9.8 CVSS | 7.6 AI Score | 0.0004 EPSS

2024-05-06 02:15 PM
24

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth...

9.8 CVSS | 7.6 AI Score | 0.0004 EPSS

2024-05-06 02:15 PM
22

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3 CVSS | 6.4 AI Score | 0.0004 EPSS

2024-05-06 12:15 PM
30

CVE-2023-49676

An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free...

5.5 CVSS | 7.3 AI Score | 0.0004 EPSS

2024-05-06 12:15 PM
21

CVE-2023-49675

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write...

7.8 CVSS | 8.3 AI Score | 0.001 EPSS

2024-05-06 12:15 PM
24

CVE-2023-6854

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for...

6.4 CVSS | 6.1 AI Score | 0.0004 EPSS

2024-05-06 11:15 AM
22

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

6.5 CVSS | 7.3 AI Score | 0.0004 EPSS

2024-05-06 07:15 AM
43

CVE-2024-4528

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can...

2.4 CVSS | 6.7 AI Score | 0.0004 EPSS

2024-05-06 07:15 AM
23

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

5.3 CVSS | 6.9 AI Score | 0.0004 EPSS

2024-05-06 07:15 AM
24

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer.....

6.5 CVSS | 7.2 AI Score | 0.0004 EPSS

2024-05-06 07:15 AM
31

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please...

6.5 CVSS | 7.2 AI Score | 0.0004 EPSS

2024-05-06 07:15 AM
29

CVE-2024-4527

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...

3.5 CVSS | 6.7 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
23

CVE-2024-4526

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be...

3.5 CVSS | 6.7 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
22

CVE-2024-3752

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.9 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
24

CVE-2024-4524

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate.....

3.5 CVSS | 6.6 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
22

CVE-2024-4525

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....

3.5 CVSS | 6.8 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
21

CVE-2024-3756

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF...

7.1 AI Score | 0.0004 EPSS

2024-05-06 06:15 AM
33
Total number of security vulnerabilities: 232581