| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldon: from n/a through <= 1.0. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion.This issue affects Tails: from n/a through <= 1.4.12. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion.This issue affects Prider: from n/a through <= 1.1.3.1. |
| Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: from n/a through <= 1.6.9. |
| Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. |
| A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. |
| Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure. |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7. |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2. |
| FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo: from n/a through <= 1.0.10. |
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. |
| Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through <= 1.4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12. |
