Igor Buyanov WP Power Stats Plugin Vulnerabilities
- Type: Cross-Site Request Forgery (CSRF)
- Details: Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.
Fla-shop.Com Interactive World Map Plugin Vulnerabilities
- Type: Cross-Site Request Forgery (CSRF)
- Details: Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
Biltay Technology Procost Vulnerabilities
- Type: SQL Injection
- Details: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.
Category Meta Plugin Vulnerabilities
- Type: Cross-Site Request Forgery (CSRF)
- Details: Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin <= 1.2.8 versions.
Supsystic Contact Form by Supsystic Plugin Vulnerabilities
- Type: Cross-Site Request Forgery (CSRF)
- Details: Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
JSON-Java Vulnerabilities
- Type: Denial of Service
- Details: Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
SoftEther VPN Vulnerabilities
- Type: Denial of Service
- Details: A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
- Type: Information Disclosure
- Details: An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.
- Type: Buffer Overflow
- Details: A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
- Type: Integer Underflow
- Details: An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
- Type: Authentication Bypass
- Details: An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.
- Type: Authentication Bypass
- Details: An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.
- Type: Information Disclosure
- Details: An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
- Type: Denial of Service
- Details: A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.
OpenTelemetry-Go Contrib Vulnerabilities
- Type: Memory Exhaustion
- Details: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it.
Change Request Vulnerabilities
- Type: Remote Code Execution
- Details: Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request.
PHPJabbers Limo Booking Software Vulnerabilities
- Type: Cross-Site Request Forgery (CSRF)
- Details: PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
Undici Vulnerabilities
- Type: Information Leakage
- Details: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, which disallows setting them in RequestInit.headers in browser environments. Since Undici handles headers more liberally than the spec, there was a disconnect between the assumptions the spec made and Undici's implementation of fetch.
- Type: Remote Code Execution
- Details: Undici is an HTTP/1.1 client written from scratch for Node.js. A specially crafted request can lead to remote code execution.
- Type: Information Disclosure
- Details: Undici is an HTTP/1.1 client written from scratch for Node.js. A specially crafted request can lead to information disclosure.
SPA-Cart Vulnerabilities
- Type: Cross Site Request Forgery (CSRF)
- Details: SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.
- Type: Denial of Service
- Details: A denial-of-service vulnerability exists in the SPA-Cart ConnectionAccept() functionality. A set of specially crafted network connections can lead to denial of service.
- Type: Cross Site Request Forgery (CSRF)
- Details: SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.
Protocolembmsadapter.cpp Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in ProtocolEmbmsGlobalCellIdAdapter::Init(). Remote information disclosure with baseband firmware compromise required. No user interaction needed.
Darwinn_mlir_converter_aidl.cc Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in CanConvertPadV2Op. Local escalation of privilege with System execution privileges needed. No user interaction needed.
Cachet Vulnerabilities
- Type: Code Execution
- Details: Template functionality allows code execution. Patch in 2.4 branch.
Thermal_metrics.c Vulnerabilities
- Type: Out of Bounds Write
- Details: Possible out of bounds write in temp_residency_name_store. Local privilege escalation. No additional execution privileges needed. No user interaction needed.
Juniper Networks Junos OS Vulnerabilities
- Type: Time-of-check Time-of-use Race Condition
- Details: Allows a DoS attack on Junos Kernel Debugging Streaming Daemon (jkdsd). Various Junos OS versions affected.
Unspecified Buffer Overflow
- Type: Buffer Overflow
- Details: Possible out of bounds write. Remote code execution. No additional execution privileges needed. No user interaction needed.
Stmvl53l1_module.c Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in ctrl_roi. Local escalation of privilege with System execution privileges needed. No user interaction needed.
GitHub Repository Vim/Vim Vulnerabilities
- Type: Use After Free
- Details: Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Juniper Networks Junos OS Evolved Vulnerabilities
- Type: Sensitive Information Exposure
- Details: Exposure of sensitive information. Local, authenticated attacker can view passwords. Various Junos OS Evolved versions affected.
Vantage6 Vulnerabilities
- Type: Resource Access
- Details: Malicious users may access unauthorized resources. Patch in version 4.0.0.
Unspecified Write Vulnerabilities
- Type: Use-After-Free
- Details: Use-after-free write due to improper locking. Local escalation of privilege. No additional execution privileges needed. No user interaction needed.
Unspecified Issue
- Type: Access Control
- Details: Access control issue in /api/collaboration/{id}/task endpoint. Patch in version 4.0.0.
Protocolcalladapter.cpp Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in ProtocolEmergencyCallListIndAdapter::Init. Remote information disclosure with baseband firmware compromise required. No user interaction needed.
Protocolmiscadapter.cpp Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in ProtocolMiscLceIndAdapter::GetConfLevel. Remote information disclosure with baseband firmware compromise required. No user interaction needed.
Vantage6 Vulnerabilities
- Type: Resource Deletion
- Details: Collaboration deletion issue. Linked resources not deleted. Patch in version 4.0.0.
RohcPacketCommon.cpp Vulnerabilities
- Type: Out of Bounds Read
- Details: Possible out of bounds read in ProfSixDecomTcpSACKoption. Remote information disclosure. No additional execution privileges needed. No user interaction needed.
Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities
- Type: BGP Update DoS
- Details: AS PATH processing vulnerability. Denial of Service condition. Various Junos OS and Junos OS Evolved versions affected.
TBD Vulnerabilities
- Type: Stack Buffer Overflow
- Details: Possible stack buffer overflow in TBD. Remote code execution. No additional execution privileges needed. No user interaction needed.
Exynos Modem Files Vulnerabilities
- Type: Out of Bounds Write
- Details: Possible out of bounds write in Exynos modem files. Remote code execution with System execution privileges needed. No user interaction needed.
NAXSI for NGINX Vulnerabilities
- Type: WAF Bypass
- Details: Bypass of NAXSI WAF when malicious X-Forwarded-For IP matches IgnoreIP IgnoreCIDR rules. Patched in version 1.6.
GPAC Vulnerabilities
- Type: Denial of Service
- Details: Denial of service issue in GPAC v.2.2.1 and earlier. Local attacker can trigger it via Q_DecCoordOnUnitSphere function.
kOps GCE/GCP Privilege Escalation Vulnerabilities
- Type: Privilege Escalation
- Details: Privilege escalation in kOps using GCE/GCP Provider in Gossip Mode.
KaizenCoders Short URL Plugin Vulnerabilities
- Type: Cross-Site Request Forgery
- Details: Cross-Site Request Forgery vulnerability in KaizenCoders Short URL plugin.
libXpm Vulnerabilities
- Type: Out-of-Bounds Read
- Details: Out-of-bounds read vulnerability in libXpm. Triggered by a boundary condition. Allows reading memory contents on the system.
MainWP MainWP Broken Links Checker Extension Plugin Vulnerabilities
- Type: SQL Injection
- Details: SQL Injection vulnerability in MainWP MainWP Broken Links Checker Extension plugin.
Biltay Technology Kayisi Vulnerabilities
- Type: SQL Injection
- Details: SQL Injection vulnerability in Biltay Technology Kayisi.
Repuso Social Proof Testimonials and Reviews Plugin Vulnerabilities
- Type: Cross-Site Request Forgery
- Details: Cross-Site Request Forgery vulnerability in Repuso Social Proof Testimonials and Reviews plugin.
MainWP Google Analytics Extension Plugin Vulnerabilities
- Type: SQL Injection
- Details: SQL Injection vulnerability in MainWP Google Analytics Extension plugin.
dan009 WP Bing Map Pro Plugin Vulnerabilities
- Type: Cross-Site Request Forgery
- Details: Cross-Site Request Forgery vulnerability in dan009 WP Bing Map Pro plugin.
ReCorp AI Content Writing Assistant Plugin Vulnerabilities
- Type: Cross-Site Request Forgery
- Details: Cross-Site Request Forgery vulnerability in ReCorp AI Content Writing Assistant plugin.