4145 matches found
Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php. id: CVE-2023-43374 info: name: Hoteldruid v3.0.5 - SQL Injection author: ritikchaddha severity: critical description: | Hoteldruid v3.0.5 was discovered to...
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. id: CVE-2023-39026 info: name: FileMage Gateway - Directory Traversal author: DhiyaneshDk severity:...
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. id: CVE-2023-37580 info: name: Zimbra Collaboration Suite ZCS v.8.8.15 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allow...
MStore API <= 3.9.2 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
Nagios XI v5.11.0 - SQL Injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php. id: CVE-2023-40931 info: name: Nagios XI v5.11.0 - S...
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog. id: CVE-2024-0235 info: name: EventON Free 2.2.8, Premium 4.5.5 - Information Disclosu...
Crypto <= 2.15 - Authentication Bypass
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...
REST API TO MiniProgram <= 4.7.1 - SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...
User Meta WP Plugin < 3.1 - Sensitive Information Exposure
The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data. id: CVE-2024-33575 info: name: User Meta WP Plugin 3.1 -...
Flowise <= 1.8.2 Authentication Bypass
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. id: CVE-2024-8181 info: name: Flowise = 1.8.2 Authentication Bypass author:...
Give WP Plugin < 3.19.0 - Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...
FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'formid' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Navidrome < 0.53.0 - Authenticated SQL Injection
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...
WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting
The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...
NextChat - Server-Side Request Forgery
NextChat v2.12.3 suffers from a Server-Side Request Forgery SSRF and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...
AnythingLLM - Information Disclosure
AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...
Plenti < v0.7.2 - OS Command Injection
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
Microweber < V.2.0 - Cross-Site Scripting
Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint. id: CVE-2023-5244 info: name: Microweber V.2.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Reflected Cross-Site Scripting Vulnerability in types GET paramete...
SuperWebMailer - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...
JFinalCMS v5.0.0 - Directory Traversal
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. id: CVE-2023-41599 info: name: JFinalCMS v5.0.0 - Directory Traversal author: pussycat0x severity: medium description: | An issue in the component /common/DownController.ja...
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
Apache NiFi - Information Disclosure
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
GnuBoard5 5.5.16 - Open Redirect
Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs, exploit requires crafted URL parameter. id: CVE-2024-37656 info: name: GnuBoard5 5.5.16 - Open Redirect author:...
osCommerce v4.0 - Cross-site Scripting
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2024-4348 info: name:...
XWiki Platform - Unauthorized Document History Access
A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
IceWarp Server 10.2.1 - Cross-Site Scripting
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter. id: CVE-2024-55218 info: name: IceWarp Server 10.2.1 - Cross-Site Scripting author: s4e-io severity: medium description: | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter...
Argo CD Unauthenticated Access to sensitive setting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...
WordPress Plugin MainWP Child - Authentication Bypass
The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is no...
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...
Netgear R6850 - Information Disclosure
Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. id: CVE-2024-3742 info: name: Electrolink FM/DAB/TV Transmitter controlloLogin.js - Credentials Disclosure author: Farish severity: high description: | Electrolink...
Dolibarr ERP CMS `list.php` - SQL Injection
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. id: CVE-2024-5315 info: name: Dolibarr ERP CMS list.php - SQL Injection author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0....
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...
W&B Weave Server - Remote Arbitrary File Leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...
LoLLMS WebUI - Subfolder Prediction via Path Traversal
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. id: CVE-2024-4841 info: name: LoLLMS WebUI - Subfolder Prediction via Path...
Sidekiq < 7.0.8 - Cross-Site Scripting
An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. id: CVE-2023-1892 info: name: Sidekiq 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin pan...
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
The Hide My WP Ghost plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. id: CVE-2024-6420 info: name: Hide My WP Ghost 5.2.02 - Hidden Login Page Disclosure author: jpg0mez severity: hig...
WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...
Essential Grid <= 3.1.0 - Cross-Site Scripting
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability in ThemePunch OHG Essential Grid plugin = 3.1.0 versions. id: CVE-2023-47684 info: name: Essential Grid = 3.1.0 - Cross-Site Scripting author: 0xpugal severity: medium description: | Unauthenticated Reflected Cross-Site Scripting XS...
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...
PMB v7.4.6 - Cross-Site Scripting
PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...
Plone Docker - Host Header Injection
Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...
openSIS Classic v9.1 - SQL Injection
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...
TOTOLINK CX-A3002RU - Remote Code Execution
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
LOLLMS WebUI - Absolute Path Traversal
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...