| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 2.3.1 versions. |
| Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. |
| Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. |
| Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. |
| Contributor Local File Inclusion in Shopify <= 1.0.0 versions. |
| Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. |
| Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3. |
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. |
| A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. |
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device. |
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device. |
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances. |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight. |
| A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. |