An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's...
6.5 CVSS
6.6 AI Score
0.001 EPSS
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account...
6.5 CVSS
6.8 AI Score
0.001 EPSS
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members'...
6.5 CVSS
6.9 AI Score
0.001 EPSS
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger...
6.1 CVSS
6 AI Score
0.001 EPSS
GiveWP – Donation Plugin and Fundraising Platform < 3.12.1 - Reflected Cross-Site Scripting
Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.12.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
7.1 CVSS
6.3 AI Score
0.0004 EPSS
Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP...
2.7 CVSS
3.6 AI Score
0.0004 EPSS
Description: The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
6.5 CVSS
5.8 AI Score
0.0004 EPSS
litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
5.3 CVSS
6.7 AI Score
0.0004 EPSS
litellm vulnerable to improper access control in team management
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
5.3 CVSS
6.8 AI Score
0.0004 EPSS
Mattermost allows team admins to promote guests to team admins in...
2.7 CVSS
3.6 AI Score
0.0004 EPSS
Swim Team <= v1.44.10777 - Local File Inclusion
The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the...
5.3 CVSS
5.4 AI Score
0.13 EPSS
WP Fundraising Donation and Crowdfunding Platform < 1.7.0 - Missing Authorization
Description: The WP Fundraising Donation and Crowdfunding Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions surrounding donation modification in versions up to, and including, 1.6.4. This makes it possible for...
5.3 CVSS
6.6 AI Score
0.0004 EPSS
0.1 AI Score
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
TeamCity CVE-2023-42793 Exploit This Python script exploits...
9.8 CVSS
9.5 AI Score
0.97 EPSS
7.8 CVSS
7.7 AI Score
0.0004 EPSS
Description: The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP...
8 CVSS
7.4 AI Score
0.0004 EPSS
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET...
5.3 CVSS
5.1 AI Score
0.001 EPSS
team-cognito.com Cross Site Scripting vulnerability OBB-3902083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
team-ulm.de Cross Site Scripting vulnerability OBB-3880404
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2023-52574 team: fix null-ptr-deref when team device type is changed
In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_header+0x35/0x140...
6.5 AI Score
0.0004 EPSS
team-match.com Cross Site Scripting vulnerability OBB-3878870
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2023-52574 team: fix null-ptr-deref when team device type is changed
In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_header+0x35/0x140...
7.4 AI Score
0.0004 EPSS
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or....
7.2 CVSS
7.3 AI Score
0.291 EPSS
STHS v2 Web Portal 'team' parameter Multiple SQLi Vulnerabilities
STHS v2 Web Portal is prone to multiple SQL injection (SQLi) vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL...
7.7 AI Score
0.003 EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through...
6.5 CVSS
0.0004 EPSS
Microsoft Visual Studio Team Foundation Server Privilege Elevation Vulnerability (2719584)
This host is missing an important security update according to Microsoft Bulletin...
6.5 AI Score
0.871 EPSS
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on...
6.4 CVSS
5.8 AI Score
0.0004 EPSS
Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP...
2.7 CVSS
6.6 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through...
6.5 CVSS
6.8 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on...
6.4 CVSS
5.9 AI Score
0.0004 EPSS
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
5.3 CVSS
6.8 AI Score
0.0004 EPSS
CVE-2023-51415 WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
CVE-2024-5710 Improper Access Control in Team Management in berriai/litellm
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...
5.3 CVSS
0.0004 EPSS
@wangeditor/editor is vulnerable to Cross-site scripting (XSS). The vulnerability is due to missing input sanitization within the image upload function, which allows an attacker to execute arbitrary JavaScript in the...
6.6 AI Score
EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3 CVSS
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through...
6.5 CVSS
5.8 AI Score
0.0004 EPSS
CVE-2023-51415 WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
Description: The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it...
6.4 CVSS
5.9 AI Score
0.001 EPSS
Description: The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...
6.4 CVSS
5.8 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
IBM Jazz Team Server Detection
IBM Jazz Team Server, a base component for several IBM Jazz Foundation products, is installed on the remote...
1.2 AI Score
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3 CVSS
0.0004 EPSS
There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version...
5.7 AI Score
EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3 CVSS
7.2 AI Score
0.0004 EPSS
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted...
4.3 CVSS
6.7 AI Score
0.0004 EPSS
Mattermost viewing archived public channels permissions vulnerability
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted...
4.3 CVSS
4.6 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
6.5 CVSS
0.8 AI Score
0.003 EPSS