Cross-Site Request Forgery (CSRF) vulnerability in ??WP DX-Watermark.This issue affects DX-Watermark: from n/a through...
9.6CVSS
9.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0...
8.8CVSS
8.8AI Score
0.001EPSS
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified...
4.3CVSS
4.5AI Score
0.0004EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified...
3.5CVSS
4.1AI Score
0.0004EPSS
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture...
4.3CVSS
4.6AI Score
0.0004EPSS
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
4.3CVSS
4.5AI Score
0.0004EPSS
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file...
4.3CVSS
4.5AI Score
0.0005EPSS
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
9.8CVSS
9.4AI Score
0.002EPSS
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
9CVSS
9.4AI Score
0.001EPSS
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file...
9.1CVSS
9.2AI Score
0.003EPSS
7.2CVSS
7.7AI Score
0.002EPSS
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via...
5.4CVSS
5.3AI Score
0.001EPSS
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers...
8.8CVSS
8.4AI Score
0.001EPSS
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...
9.8CVSS
9.7AI Score
0.002EPSS
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including...
5.9CVSS
6.1AI Score
0.001EPSS
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code...
9.8CVSS
9.6AI Score
0.002EPSS
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive...
9.1CVSS
9.3AI Score
0.002EPSS
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory...
9.8CVSS
9.4AI Score
0.002EPSS
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of...
5.7CVSS
7.3AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables...
8.8CVSS
7.5AI Score
0.001EPSS
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin...
9.8CVSS
7.6AI Score
0.007EPSS
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip"...
9.8CVSS
9.4AI Score
0.05EPSS
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to...
6.1CVSS
6.4AI Score
0.001EPSS
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page...
6.1CVSS
6.1AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login...
6.4AI Score
0.006EPSS