| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. |
| Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. |
| Editor Privilege Escalation in AI Engine <= 3.4.9 versions. |
| Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. |
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. |
| Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. |
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. |
| Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. |
| Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions. |
| Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. |
| Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. |
| Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. |
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. |
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. |
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. |
| Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing. |
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. |
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. |