High
CVSS: 8.6
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/cha…
High
CVSS: 8.6
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view the subscription information of other users by changing the "SUSCBRIPTION_ID" param of the endpoint…
Medium
CVSS: 5.3
The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This ma…
High
CVSS: 8.1
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights of another organization. The attacker should know the ID of the victim organization (in real case the user can be…
Medium
CVSS: 5.1
A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to un…
Medium
CVSS: 5.3
A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipu…
High
CVSS: 8.1
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any…
High
CVSS: 7.7
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its const…
Medium
CVSS: 5.5
https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.
Medium
CVSS: 5.1
A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The…
Medium
CVSS: 6.5
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Medium
CVSS: 5.3
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attacke…
High
CVSS: 7.3
Visual Studio Elevation of Privilege Vulnerability
Medium
CVSS: 5.5
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Medium
CVSS: 6.5
Windows Geolocation Service Information Disclosure Vulnerability
High
CVSS: 8.8
Active Directory Domain Services Elevation of Privilege Vulnerability
Medium
CVSS: 4.6
Secure Boot Security Feature Bypass Vulnerability
Medium
CVSS: 6.1
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Medium
CVSS: 5.3
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=…
Medium
CVSS: 6.9
A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads t…