LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...

LearnDash LMS < 4.10.3 - Sensitive Information Exposure

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. id: CVE-2024-1208 info: name: LearnDash LMS 4.10.3 - Sensitive...

Metersphere - Arbitrary File Read

Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

Avada < 7.11.7 - Information Disclosure

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...

D-Link DIR-816L - Improper Access Control

D-Link DIR-816LFW206b01 is susceptible to improper access control. An attacker can access folders folderview.php and categoryview.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28955 info: name: D-Link DIR-816L - Improper...

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

kkFileView 4.0.0 - Cross-Site Scripting

kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-29349 info: name: kkFileView 4.0.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.0.0...

WordPress Directorist <7.3.1 - Information Disclosure

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

Icinga Web 2 - Arbitrary File Disclosure

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

WordPress Ninja Job Board < 1.3.3 - Direct Request

WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability

WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. id: CVE-2022-27849 info: name: WordPress Simple Ajax...

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

Commvault CommCell - Local File Inclusion

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...