The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
8.8CVSS
7.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through...
6.5CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through...
6.5CVSS
6.3AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3...
6.5CVSS
4.8AI Score
0.0004EPSS
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R:...
8.8CVSS
8.6AI Score
0.0004EPSS
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary...
6.1AI Score
0.0004EPSS
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is...
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11...
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast...
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over...
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150...
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use....
8.1AI Score
0.106EPSS
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified...
8.4AI Score
0.01EPSS
Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.7AI Score
0.006EPSS
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before...
6.8AI Score
0.1EPSS
Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order...
5.8AI Score
0.004EPSS
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted...
8.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search...
6.2AI Score
0.004EPSS