| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1. |
| : Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. |
| Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4. |
| Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. |
| Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2. |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0. |
| Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1. |
| Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2. |
| Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. |
| : Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1. |
| Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through 0.5. |
| A vulnerability has been identified within Rancher that can be exploited
in narrow circumstances through a man-in-the-middle (MITM) attack. An
attacker would need to have control of an expired domain or execute a
DNS spoofing/hijacking attack against the domain to exploit this
vulnerability. The targeted domain is the one used as the Rancher URL. |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. |
| A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. |
| A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in Norman's public API endpoint can be exploited. This
can lead to an attacker exploiting the vulnerability to trigger
JavaScript code and execute commands remotely. |
| When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. |
