A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A vulnerability has been identified in Open Asset Import Library Assimp, specifically in version 5.4.3, under the function fast_atoreal_move located in include/assimp/fast_atof.h. This flaw permits an out-of-bounds read, which can potentially be exploited through remote attacks. Public disclosure...

A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically in the CSM File Handler component's InternReadFile function. This vulnerability arises from improper handling of the 'na' argument, leading to an out-of-bounds read condition. The flaw can be...

A vulnerability exists in Open Asset Import Library Assimp version 5.4.3, specifically within the Assimp::CSMImporter::InternReadFile function located in CSM File Handler's CSMLoader.cpp. This flaw allows for out-of-bounds write operations that could be exploited remotely, potentially leading to ...

A vulnerability has been identified in the Material Upload Interface of zhijiantianya Ruoyi-Vue-Pro version 2.4.1, specifically within the file /admin-api/mp/material/upload-news-image. This flaw allows attackers to manipulate the File argument, leading to potential path traversal exploits. The n...

A path traversal vulnerability exists in the Material Upload Interface of the ruoyi-vue-pro version 2.4.1. The flaw allows attackers to manipulate the File argument in the /admin-api/mp/material/upload-temporary endpoint, potentially leading to unauthorized file access or deletion. This attack ca...

A security issue in the Kubernetes platform allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the context of the ingress-nginx controller. This vulnerability poses serious security risks, as it can potentially expose sensitive secrets accessible to...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A vulnerability discovered in the zhijiantianya ruoyi-vue-pro product allows remote attackers to manipulate the argument 'File' in the Material Upload Interface. This manipulation may lead to unauthorized access and path traversal, potentially enabling attackers to access sensitive files on the s...

A security vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically in the file /admin/eligibility.php. This vulnerability arises from improper handling of user input in the argument 'pagetitle', which can be exploited via a SQL injection attack...

This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, exploiting weaknesses in the input validation within the eCommerce plugin for WordPress. If exploited, this could lead to the execution of arbitrary JavaScript code in the context of the user's session...

The Favorites WordPress plugin versions prior to 2.3.5 are vulnerable due to insufficient sanitization and escaping of certain settings. This flaw allows high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks, regardless of the unfiltered_html capabil...

This vulnerability arises from insufficient sanitization and escaping of certain parameters during page output, which could allow unauthenticated users to execute stored Cross-Site Scripting (XSS) attacks. If exploited, attackers can manipulate user sessions, deliver malicious payloads, or intera...

The AOA Downloadable plugin for WordPress versions up to 0.1.0 has a security weakness due to improper authorization and authentication on its download.php endpoint. This vulnerability enables malicious actors to send requests to arbitrary URLs without the need for user authentication, potentiall...

The WP-Recall plugin for WordPress prior to version 16.26.12 contains a vulnerability that allows attackers to execute SQL injection attacks. This occurs due to a failure to properly sanitize and escape user-supplied input in SQL statements. Consequently, administrators could be manipulated into ...

The aoa-downloadable WordPress plugin versions up to 0.1.0 contains a security flaw that fails to properly validate parameters in its download function. This lack of validation allows unauthenticated attackers to exploit the vulnerability and download arbitrary files from the server, potentially ...

The Stylish Google Sheet Reader plugin for WordPress versions prior to 4.1 contains a vulnerability where user-supplied input is not properly sanitized or escaped before being rendered on the web page. This oversight can lead to Reflected Cross-Site Scripting (XSS) attacks, allowing malicious act...

The AFI WordPress plugin prior to version 1.100.0 lacks proper sanitization and escaping measures for certain settings, which may permit high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a risk even in environments where...

The AFI WordPress plugin fails to adequately sanitize and escape certain settings, enabling users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a significant risk in configurations where the unfiltered_html capabil...

The Simple Banner plugin for WordPress, versions prior to 3.0.4, fails to properly sanitize and escape certain configuration settings. This oversight permits users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in multisite environment...

The IP Based Login plugin for WordPress, prior to version 2.4.1, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability arises from the absence of adequate CSRF checks, allowing attackers to exploit legitimate user sessions and perform unauthorized actions on behalf of lo...

The Smart Maintenance Mode plugin for WordPress, prior to version 1.5.2, has a security flaw that allows high privilege users, such as administrators, to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from the plugin's failure to properly sanitize and escape certain ...

A vulnerability exists in the Product Labels for Woocommerce (Sale Badges) plugin, where it fails to properly sanitize and escape a specific parameter used in SQL statements. This oversight can be exploited by administrators to conduct SQL injection attacks, potentially leading to unauthorized da...

A vulnerability exists in PHPGurukul's Old Age Home Management System, version 1.0, specifically in the processing of the file /admin/manage-services.php. An attacker can exploit this weakness by manipulating the 'sertitle' parameter, leading to unauthorized SQL injection attacks. This allows for...

The Contact Form & SMTP Plugin for WordPress by PirateForms versions earlier than 2.6.0 does not adequately sanitize and escape certain settings. This lack of proper validation enables high privilege users, like administrators, to execute Stored Cross-Site Scripting (XSS) attacks, compromising se...

The WP Tabs WordPress plugin, prior to version 2.2.7, fails to adequately sanitize and escape certain settings. This shortcoming enables high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where the unfiltered_html capability is re...

The Quiz and Survey Master plugin for WordPress, prior to version 9.2.1, fails to properly sanitize and escape certain settings. This oversight enables users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even if the unfiltered_html capabil...

A security vulnerability exists in the Events Calendar plugin for WordPress, where insufficient sanitization and escaping of certain settings allow high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability can compromise the security of...

The Contact Form & SMTP Plugin for WordPress by PirateForms prior to version 2.6.0 is susceptible to stored cross-site scripting attacks. The vulnerability arises due to the failure to properly sanitize and escape certain settings, allowing high-privilege users, such as administrators, to exploit...

The Product Labels For Woocommerce (Sale Badges) plugin for WordPress prior to version 1.5.11 is susceptible to SQL injection due to improper sanitization and escaping of input parameters in SQL statements. This vulnerability enables an attacker with administrative privileges to execute arbitrary...

The Slider by 10Web WordPress plugin prior to version 1.2.62 has a vulnerability due to improper sanitization and escaping of certain settings. This flaw permits high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in configurations where the un...

A vulnerability has been discovered in PHPGurukul's Old Age Home Management System version 1.0, which allows remote attackers to manipulate the 'namesc' parameter within the file '/admin/manage-scdetails.php'. This manipulation can lead to SQL injection, potentially compromising the database and ...

The Slider by 10Web plugin for WordPress prior to version 1.2.62 contains a vulnerability due to insufficient sanitization and escaping of certain settings. This flaw allows users with high privileges, such as administrators, to exploit the vulnerability and launch Stored Cross-Site Scripting (XS...

The Form Maker plugin developed by 10Web for WordPress prior to version 1.15.30 contains a serious vulnerability due to inadequate sanitization and escaping of certain settings. This oversight permits high-privilege users, such as administrators, to carry out Stored Cross-Site Scripting (XSS) att...

The WP-Advanced-Search plugin for WordPress versions prior to 3.3.9.3 contains a vulnerability where it fails to properly sanitize and escape certain settings. This oversight could result in high privilege users, specifically admins, being able to execute Stored Cross-Site Scripting (XSS) attacks...

The Stylish Price List plugin for WordPress prior to version 7.1.12 has a serious security flaw that fails to properly sanitize and escape certain settings. This vulnerability may allow high privilege users, such as contributors, to execute Stored Cross-Site Scripting (XSS) attacks, even when the...

The Job Postings plugin for WordPress, specifically versions prior to 2.7.11, is susceptible to a stored cross-site scripting vulnerability. This arises due to insufficient sanitization and escaping of certain settings, allowing high privilege users, such as contributors, to execute harmful scrip...

A significant SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. The flaw resides in the 'pagetitle' parameter within the '/admin/contactus.php' file, allowing attackers to manipulate this argument to execute arbitrary SQL commands. This ...

A vulnerability exists in the PHPGurukul Old Age Home Management System version 1.0, specifically within the /admin/bwdates-report-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'fromdate' argument, which could lead to unauthorized access to the data...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. This issue arises from the manipulation of the 'sertitle' argument within the /admin/add-services.php file. As a result, unauthorized users could execute remote attacks by exploiting t...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System, specifically in the '/admin/aboutus.php' file. This vulnerability arises from improper handling of user input in the 'pagetitle' parameter, allowing attackers to execute malicious SQL queries remo...

A significant OS command injection vulnerability exists in the OpenManus application, specifically affecting the Prompt Handler component within the python_execute.py file. This flaw may be exploited remotely, allowing attackers to execute arbitrary commands on the host system. Despite attempts t...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A security vulnerability exists in several H3C Magic devices that allows an attacker to execute arbitrary commands through improper handling of HTTP POST requests in the /api/wizard/getWifiNeighbour endpoint. This could allow unauthorized remote control, potentially leading to various malicious a...

Apache Tomcat is affected by a security vulnerability that allows attackers to exploit path equivalence issues. If certain conditions are met, such as having write permissions enabled for the default servlet and supporting partial PUT uploads, attackers can potentially execute remote code or disc...

A command injection vulnerability exists in the H3C Magic product line, including models NX15, NX30 Pro, NX400, R3010, and BE18000, up to version V100R014. The issue is associated with the /api/wizard/getDualbandSync endpoint of the HTTP POST Request Handler component. This weakness allows attack...

A command injection vulnerability exists in the H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices through the /api/wizard/getssidname endpoint of the HTTP POST Request Handler. This flaw allows an unauthorized user to execute arbitrary commands remotely. Public disclosure of this exploi...

A vulnerability exists within the HTTP POST Request Handler of certain H3C Magic routers, specifically affecting networkSetup API calls. This flaw allows an attacker to execute arbitrary commands on the devices remotely, potentially compromising network integrity and confidentiality. The vendor h...

A significant vulnerability in the H3C Magic NX30 Pro router allows attackers to exploit the HTTP POST Request Handler within the /api/wizard/getNetworkStatus endpoint. This vulnerability enables remote attackers to execute arbitrary commands on the device, potentially compromising its integrity ...

A command injection vulnerability exists in specific H3C Magic products, which involves the HTTP POST Request Handler component's file /api/esps. This flaw can be exploited remotely, allowing attackers to execute arbitrary commands. The issue affects multiple models, including NX15, NX30 Pro, NX4...