| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. |
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. |
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. |
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. |
| Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. |
| Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. |
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. |
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. |
| Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0.
Users are recommended to upgrade to version 2.16.0, which fixes the issue. |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. |
| Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. |
| Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. |
| Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. |
| Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. |
| Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions. |
| Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint (GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}) in MigrationServiceImpl.download() resolves the backup filename via Path.resolve() without validating that the resolved path stays within the designated backups directory. Also, the backup creation endpoint (POST /apis/migration.halo.run/v1alpha1/backups) does not sanitize the status fields during creation. This vulnerability is fixed in 2.24.3. |
| Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last segment. However, it fails to strip the URL fragment (#). Because Koa's router uses ctx.path (which strips the fragment) for routing, an attacker can append a fragment containing a permitted path (e.g., #foo/api/documents.info) to a restricted endpoint (e.g., /api/documents.create). The router will route the request to the restricted endpoint, but canAccess will evaluate the permitted path in the fragment, bypassing the API key scope restrictions and allowing privilege escalation. This vulnerability is fixed in 1.8.0. |