| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. |
| An unauthenticated
NULL pointer dereference vulnerability exists in the HTTP request parsing logic
of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and
earlier. The vulnerability is caused by improper validation of required HTTP
request metadata before it is used by the affected components. A remote attacker
may exploit this vulnerability by sending a specially crafted HTTP request,
causing the affected process to crash and resulting in a denial of service. |
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. |
| Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions. |
| Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions. |
| Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions. |
| Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8. |
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. |
| Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. |
| Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. |
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. |
| An unauthenticated
buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision
GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by
insufficient bounds checking when parsing filename values in multipart upload
data. A remote attacker may exploit this vulnerability by sending a crafted
upload request with overly long input, causing memory corruption and resulting
in a denial of service. |
| CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service. |
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. |
| An unauthenticated
NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision
GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by
improper validation of multipart upload headers when processing
certificate-related upload fields. A remote attacker may exploit this
vulnerability by sending a malformed multipart request, causing the affected
CGI process to crash and resulting in a denial of service. |
| An unauthenticated
directory traversal vulnerability exists in get_fcont.cgi in GeoVision
GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by
insufficient validation of user-supplied file path input before the requested
file is accessed by the CGI component. A remote attacker may exploit this
vulnerability by sending a crafted request to read arbitrary files accessible
to the affected process, resulting in information disclosure. |
| The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel. |
