Follow the latest news from the technology world and security-related developments.

CVE vulnerabilities, KEV tags, detail pages, and category-based listing.
Total records: 70,909
Page: 3375 / 3546
Filter: None
Medium CVSS: 6.5 Published: 2025-01-24 07:15:06

CVE-2024-13680

The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter a…
Medium CVSS: 6.4 Published: 2025-01-24 06:15:26

CVE-2024-13659

The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attribu…
High CVSS: 8.7 Published: 2025-01-24 03:15:07

CVE-2025-0314

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.
Medium CVSS: 6.4 Published: 2025-01-24 03:15:06

CVE-2024-11931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exf…
Unknown CVSS: - Published: 2025-01-24 01:15:07

CVE-2021-30745

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Rejected Reason: This candidate is unused by its CNA.
Critical CVSS: 9.1 Published: 2025-01-23 23:15:08

CVE-2024-55573

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.
High CVSS: 7.5 Published: 2025-01-23 23:15:07

CVE-2024-53379

Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-…
Medium CVSS: 4.9 Published: 2025-01-23 23:15:07

CVE-2021-42718

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitio…
Medium CVSS: 6.9 Published: 2025-01-23 22:15:15

CVE-2025-0693

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.
Medium CVSS: 6.1 Published: 2025-01-23 22:15:15

CVE-2024-57556

Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
Medium CVSS: 6.1 Published: 2025-01-23 22:15:15

CVE-2024-57386

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
Medium CVSS: 5.4 Published: 2025-01-23 22:15:15

CVE-2024-57329

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
Critical CVSS: 9.8 Published: 2025-01-23 22:15:14

CVE-2024-57328

A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypa…
High CVSS: 7.5 Published: 2025-01-23 22:15:14

CVE-2024-55195

An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.
Critical CVSS: 9.8 Published: 2025-01-23 22:15:14

CVE-2024-55192

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
Critical CVSS: 9.1 Published: 2025-01-23 22:15:14

CVE-2024-53923

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.
High CVSS: 7.8 Published: 2025-01-23 22:15:13

CVE-2024-53588

A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.