4146 matches found
Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
Zoho ManageEngine OpManager before 12.5.329 contains a remote code execution caused by a general bypass in the deserialization class, letting unauthenticated attackers execute arbitrary code, exploit requires no authentication id: CVE-2021-3287 info: name: Zoho ManageEngine OpManager 12.5.329 -...
WS_FTP Server - Insecure Deserialization
In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...
Control Web Panel (CWP) - File Inclusion
In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...
WP Content Copy Protection & No Right Click - Open Redirect
The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...
St. Joe ERP system - SQL Injection
A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...
Bitrix Site Manager - Remote Code Execution
In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. id: CVE-2022-27228 info: name: Bitrix Site Manager - Remote Code Execution author: theamanrawat severity: critical description: In the vote aka "Polls, Votes...
WordPress Backup Migration <= 1.3.6 - Path Traversal
WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...
Limit Login Attempts WordPress - Stored Cross-site Scripting
Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...
Apache Tomcat Examples Web Application - Cross-Site Scripting
Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...
XWiki - Information Disclosure
XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...
ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting
ONLYOFFICE Docs DocumentServer = 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts reflected in HTML response, exploit requires crafted POST requests. id: CVE-2025-5301 info: name:...
Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
Monsta FTP = 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP = 2.11.2 - Unauthenticated Remote Code Execution...
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...
SickChill - Open Redirect
SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...
WP Popups - Information Disclosure
WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...
Templately <= 3.1.2 - Broken Access Control
Templately allow an attacker to logout users who signed in to their templately account, so you can sign in your templately account to exploit this vulnerability. Go to http://IP/wordpress/wp-admin/admin.php?page=templately&path=sign-in to sign in then logout. id: CVE-2024-47308 info: name:...
MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...
Prestashop Blockwishlist 2.1.0 SQL Injection
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability. id: CVE-2022-31101 info: name: Prestashop Blockwishlist 2.1.0 SQL Injection author: mastercho severity: high description: | Prestashop Blockwishlist module version 2.1.0 suffers from a...
Easy Digital Downloads - Privilege Escalation
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...
MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
Dify v1.9.1 - Broken Access Control
Dify v1.9.1 contains an insecure permissions vulnerability caused by lack of authorization checks in /console/api/system-features endpoint, letting unauthenticated attackers access sensitive system configuration data. id: CVE-2025-63387 info: name: Dify v1.9.1 - Broken Access Control author:...
Fortinet FortiWeb - Authentication Bypass to Admin Privilege
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...
Oracle WebLogic Server - Remote Code Execution
Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...
WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. id: CVE-2024-39646 info: name: WordPress Custom 404 Pro = 3.11.1 - Reflected XSS...
GiveWP - Missing Authorization to Settings Update
GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...
LiteSpeed Cache <= 6.5.0.2 - Stored XSS
LiteSpeed Technologies LiteSpeed Cache versions up to 6.5.0.2 contain a stored cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in victim browsers, exploit requires storing malicious input. id: CVE-2024-47374 info...
Letta Letta 0.7.12 - Remote Code Execution
Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.restapi.routers.v1.tools.runtoolfromsource, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code. id: CVE-2025-51482 info: name: Letta Letta 0.7.12 - Remote Code...
Zimbra Collaboration - Cross-Site Scripting (XSS)
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...
XWiki - HQL Injection
XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...
Landray EKP - Path Traversal
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...
WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)
The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers-...
Spring Cloud Gateway Server Webflux - Broken Access Control
Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...
The Events Calendar < 6.4.0.1 - Cross-site Scripting
The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...
Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)
imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...
PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...
Apache Kafka Client - Arbitrary File Read
Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...
Grandstream UCM6200 - SQL Injection
Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...
Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
OneDev < 4.0.3 - User Access Token Leak
OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
Zoho ManageEngine - getUserAPIKey Authentication Bypass
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
Laminas Project laminas-http - Remote Code Execution
Laminas Project laminas-http 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by destruct method in Zend\Http\Response\Stream, letting attackers control content lead to remote code execution, exploit requires attacker-controlled serialized data. id: CVE-2021-3007...
FortiOS - Insecure LDAP Configuration Detection
The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...
WordPress Popup Builder < 4.0.7 - Remote Code Execution
Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...
WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
Marcelotorres Redirect After Login plugin = 0.1.9 contains a stored cross-site scripting caused by insufficient sanitization in the login redirect parameter, letting attackers execute scripts in the context of the affected site, exploit requires admin privileges. id: CVE-2023-27624 info: name:...
ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...