4136 matches found
SickChill - Open Redirect
SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...
WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
WordPress plugin My Calendar = 3.1.10 or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/9267 - https://wordpress.org/plugins/my-calendar/developers - https://nvd.nist.gov/vuln/detail/CVE-2019-15713 -...
WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass
Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...
Joomla! Portfolio Nexus - Remote File Inclusion
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF comifnexus component that allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2009-4679 info: name: Joomla! Portfol...
uWSGI PHP Plugin Local File Inclusion
uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. id: CVE-2018-7490 info: name: uWSGI PHP Plugin Local File Inclusion author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17...
WordPress Payeezy Pay <=2.97 - Local File Inclusion
WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97...
Oracle Fusion - Directory Traversal/Local File Inclusion
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." id: CVE-2020-14864 info: name: Oracle Fusion - Directory Traversal/Local File Inclusion author: Ivo Palazzolo @palaziv severity: high...
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...
Joomla! Component JE Job 1.0 - Local File Inclusion
A SQL injection vulnerability in the JExtensions JE Job comjejob component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. id: CVE-2010-5028 info: name: Joomla! Component JE Job 1.0 - Local File Inclusion author:...
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
A directory traversal vulnerability in the ZiMB Comment comzimbcomment component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1602 info: name: Joomla! Component...
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...
WordPress UserPro 4.9.32 - Cross-Site Scripting
WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API v2 it relies on allows it via the example/success.php errordescription parameter. id: CVE-2019-14470 info: name: WordPress UserPro 4.9.32 - Cross-Site Scripting author: daffainfo severity: mediu...
Apache Pinot < 1.3.0 - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability.The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special...
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...
PaperCut NG - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...
Totaljs <3.2.3 - Local File Inclusion
Total.js Platform before 3.2.3 is vulnerable to local file inclusion. id: CVE-2019-8903 info: name: Totaljs 3.2.3 - Local File Inclusion author: madrobot severity: high description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion. impact: | An attacker can exploit this...
n8n - Remote Code Execution via Expression Injection
n8n 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. id: CVE-2025-68613 info: name: n8n - Remote Code...
WordPress Chop Slider 3 - Blind SQL Injection
WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to getscript/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive informatio...
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands, exploit requires the premium module to be active. id: CVE-2022-3254 info: name: AWP...
Jeesns 1.4.2 - Cross-Site Scripting
Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML. id: CVE-2020-19283 info: name: Jeesns 1.4.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...
Fujian Kelixin Communication - Command Injection
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. id: CVE-2024-2621 info: name: Fujian Kelixin Communication - Command...
CData Sync < 23.4.8843 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...
MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
ProfilePress < 3.1.11 - Cross-Site Scripting
The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting XSS via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter. id: CVE-2021-24522...
Blinko <= 1.8.3 - User Information Leak
Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...
WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Rukovoditel <= 2.7.2 - Cross-Site Scripting
A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35987 info: name: Rukovoditel = 2.7.2 - Cross-Site...
MaxSite CMS > V106 - Cross-Site Scripting
A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page." id: CVE-2021-35265 info: name: MaxSite CMS V106 - Cross-Site Scripting author: pikpikcu severity: medium description: | A reflected...
Fortinet FortiWeb - Authentication Bypass to Admin Privilege
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
WordPress E2Pdf <1.16.45 - Cross-Site Scripting
WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...
Microweber <1.2.15 - Cross-Site Scripting
Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch oth...
Autonomy Ultraseek - Open Redirect
Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...
WordPress Post Grid <2.1.8 - Cross-Site Scripting
WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, id: CVE-2021-24488 info: name: WordPress Post Grid 2.1.8 - Cross-Sit...
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
A directory traversal vulnerability in the SimpleDownload comsimpledownload component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2122 info: name: Joomla! Component simpledownload =0.9.5 -...
Etherpad Lite <1.6.4 - Admin Authentication Bypass
Etherpad Lite before 1.6.4 is exploitable for admin access. id: CVE-2018-9845 info: name: Etherpad Lite 1.6.4 - Admin Authentication Bypass author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. impact: | An attacker can bypass the admi...
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
A directory traversal vulnerability in the Seber Cart comsebercart component 1.0.0.12 and 1.0.0.13 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1313 info: name: Joomla! Component Sab...
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...
Microweber < 1.2.11 - Open Redirection
Open Redirect in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0597 info: name: Microweber 1.2.11 - Open Redirection author: Farish severity: medium description: | Open Redirect in Packagist microweber/microweber prior to 1.2.11. impact: | Attackers can redirect users to malicious...
Mlflow < 2.9.2 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
ChurchCRM 4.5.3 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. id: CVE-2023-25346 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium...
LearnPress < 4.2.6.8.1 - Information Disclosure
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by incorrect implementation of getitemspermissionscheck function in all versions up to 4.2.6.8, letting unauthenticated attackers extract user emails and basic information. id: CVE-2024-5483 info: name: LearnPress...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal
Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...
Terraboard <2.2.0 - SQL Injection
Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-1883 info: name: Terraboard 2.2.0 - SQL Injection author:...
CentralSquare CryWolf - Path Traversal
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...
F-logic DataCube3 - SQL Injection
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...
KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection
The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...
DomPHP 0.83 - Directory Traversal
A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. dot dot in the url parameter to photoalbum/index.php. id: CVE-2014-10037 info: name: DomPHP 0.83 - Directory Traversal author: daffainfo severity: high description: A...