Medium
CVSS: 5.9
Yayın: 2025-01-21 10:15:08
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it…
Medium
CVSS: 5.3
Yayın: 2025-01-21 10:15:07
NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified.
Medium
CVSS: 6.1
Yayın: 2025-01-21 10:15:07
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unau…
Medium
CVSS: 5.3
Yayın: 2025-01-21 10:15:07
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and…
Medium
CVSS: 6.1
Yayın: 2025-01-21 10:15:07
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unaut…
Medium
CVSS: 6.4
Yayın: 2025-01-21 09:15:07
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
High
CVSS: 8.8
Yayın: 2025-01-21 09:15:06
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticat…
Medium
CVSS: 6.1
Yayın: 2025-01-21 05:15:07
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferre…
Medium
CVSS: 5.3
Yayın: 2025-01-21 05:15:07
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it po…
Medium
CVSS: 6.2
Yayın: 2025-01-21 01:15:07
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
Medium
CVSS: 4.2
Yayın: 2025-01-20 23:15:07
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger…
Medium
CVSS: 5.3
Yayın: 2025-01-20 21:15:21
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3
Medium
CVSS: 6.9
Yayın: 2025-01-20 18:15:14
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in…
Medium
CVSS: 4.0
Yayın: 2025-01-20 18:15:13
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
Medium
CVSS: 5.3
Yayın: 2025-01-20 18:15:13
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limi…
Medium
CVSS: 5.9
Yayın: 2025-01-20 18:15:13
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Medium
CVSS: 5.4
Yayın: 2025-01-20 17:15:07
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, UR…
Medium
CVSS: 5.3
Yayın: 2025-01-20 16:15:28
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application f…
Medium
CVSS: 6.5
Yayın: 2025-01-20 16:15:28
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. Th…
Critical
CVSS: 10.0
Yayın: 2025-01-20 16:15:28
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows…