| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Privilege Management in uvdesk/community-skeleton |
| Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.
|
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through <= 1.3.1. |
| Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1.
|
| ** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.This issue affects MihanPanel: from n/a before 12.7.
|
| : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2.
|
| Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. |
| Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request. |
| Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. |
| Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version which was installed with a DVD ver. 1.56 or lower, and was updated through Sysmac Studio V1 auto update in January 2024 or prior). Opening a specially crafted project file may lead to arbitrary code execution. |
| A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability. |
