Handsome Testimonials & Reviews Project Security Vulnerabilities

cve
CVE-2023-39114
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program...
CVSS 5.5 | AI Score 5.5 | EPSS 0.0004
2023-08-02 11:15 PM

cve
CVE-2024-5734
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
CVSS 8.8 | AI Score 6.5 | EPSS 0.002
2024-06-07 12:15 PM

cvelist
CVE-2024-29095 WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS. This issue affects Site Reviews: from n/a through...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
2024-03-19 04:06 PM

cve
CVE-2024-35747
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through...
CVSS 5.3 | AI Score 5.4 | EPSS 0.0005
2024-06-10 05:16 PM

veracode
Cross-site Request Forgery (CSRF)
sylius/resource-bundle is vulnerable to a Cross-Site Request Forgery. The vulnerability is due to the absence of proper validation and insufficient CSRF protection for actions such as marking order payments or product reviews in the AdminBundle and ResourceBundle. This allows attackers to...
AI Score 7
2024-05-30 06:05 AM

veracode
Cross-site Request Forgery (CSRF)
sylius/admin-bundle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the absence of a CSRF token requirement in several administrative actions, such as marking orders payments as completed or refunded, and marking product reviews as accepted or rejected. This flaws...
AI Score 7.1
2024-05-30 06:04 AM

githubexploit
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590 Deserialization of untrusted data can occur in...
CVSS 8.8 | AI Score 7.2 | EPSS 0.001
2024-06-20 11:23 AM

cve
CVE-2023-33546
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
2023-06-01 01:15 PM

cvelist
CVE-2024-3609 ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...
CVSS 4.3 | AI Score 4.7 | EPSS 0.0004
2024-05-16 08:31 PM

vulnrichment
CVE-2024-3609 ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...
CVSS 4.3 | AI Score 6.5 | EPSS 0.0004
2024-05-16 08:31 PM

cve
CVE-2024-5636
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The...
CVSS 9.8 | AI Score 7.6 | EPSS 0.001
2024-06-05 01:15 AM

cve
CVE-2020-25575
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap...
CVSS 9.8 | AI Score 9.2 | EPSS 0.007
2020-09-14 07:15 PM

cve
CVE-2017-17514
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...
CVSS 8.8 | AI Score 8.4 | EPSS 0.002
2017-12-14 04:29 PM

cve
CVE-2018-11727
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on...
CVSS 5.5 | AI Score 5.4 | EPSS 0.001
2018-06-19 09:29 PM

githubexploit
Exploit for CVE-2022-44268
CVE-2022-44268 Arbitrary File Read PoC - PNG generator This...
CVSS 6.5 | AI Score 6.9 | EPSS 0.014
2023-02-05 06:42 PM

cve
CVE-2024-23635
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVSS 6.1 | AI Score 5.7 | EPSS 0.0004
2024-02-02 05:15 PM

cvelist
CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
CVSS 5.3 | EPSS 0.0004
2024-06-11 04:57 PM

cve
CVE-2022-48197
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...
CVSS 6.1 | AI Score 5.9 | EPSS 0.006
2023-01-02 04:15 PM

cve
CVE-2022-44023
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication...
CVSS 5.3 | AI Score 5.4 | EPSS 0.002
2022-10-30 12:15 AM

wpvulndb
Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Recencio Book Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.66.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVSS 6.5 | AI Score 5.9 | EPSS 0.0004
2024-05-01 12:00 AM

cve
CVE-2023-26130
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due...
CVSS 8.8 | AI Score 7.6 | EPSS 0.004
2023-05-30 05:15 AM

cvelist
CVE-2024-25597 WordPress Ultimate Reviews plugin <= 3.2.8 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a through...
CVSS 7.1 | AI Score 7 | EPSS 0.0004
2024-03-15 02:01 PM

cve
CVE-2024-5635
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely...
CVSS 9.8 | AI Score 7.7 | EPSS 0.001
2024-06-04 10:15 PM

osv
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Impact: A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a...
AI Score 6.8
2024-02-08 06:43 PM

wpexploit
Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be...
AI Score 5.9 | EPSS 0.0004
2024-04-03 12:00 AM

cve
CVE-2023-5015
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVSS 6.1 | AI Score 6 | EPSS 0.001
2023-09-17 02:15 AM

cve
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid...
CVSS 9.8 | AI Score 9.3 | EPSS 0.006
2022-10-20 11:15 AM

cve
CVE-2020-18900
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on...
CVSS 3.3 | AI Score 4.7 | EPSS 0.001
2021-08-19 10:15 PM

vulnrichment
CVE-2024-33648 WordPress Recencio Book Reviews plugin <= 1.66.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS. This issue affects Recencio Book Reviews: from n/a through...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004
2024-04-29 04:54 AM

cve
CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private...
CVSS 5.9 | AI Score 5.4 | EPSS 0.001
2024-01-31 02:15 PM

cve
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
2023-09-25 08:15 PM

vulnrichment
CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
CVSS 5.3 | AI Score 7.2 | EPSS 0.0004
2024-06-11 04:57 PM

cve
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the...
CVSS 5.4 | AI Score 5.3 | EPSS 0.002
2023-04-14 01:15 AM

cve
CVE-2024-32081
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light. This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
CVSS 8.8 | AI Score 4.7 | EPSS 0.001
2024-06-09 07:15 PM

cve
CVE-2023-5283
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
2023-09-29 08:15 PM

cvelist
CVE-2024-33648 WordPress Recencio Book Reviews plugin <= 1.66.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS. This issue affects Recencio Book Reviews: from n/a through...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0004
2024-04-29 04:54 AM

cve
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
2023-09-25 08:15 PM

cve
CVE-2023-4865
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
2023-09-09 11:15 PM

cve
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001
2023-08-15 09:15 PM

cve
CVE-2023-5280
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
CVSS 9.8 | AI Score 9.6 | EPSS 0.001
2023-09-29 06:15 PM

cve
CVE-2023-5034
A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
2023-09-18 05:15 AM

cve
CVE-2023-4864
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert('xss') leads to cross site scripting. It is possible to initiate the attack...
CVSS 6.1 | AI Score 6 | EPSS 0.001
2023-09-09 09:15 PM

cve
CVE-2022-46966
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
2023-01-26 11:15 PM

osv
CVE-2022-31058
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a...
CVSS 7.2 | AI Score 7.8 | EPSS 0.002
2022-06-29 06:15 PM

osv
CVE-2023-29939
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004
2023-05-05 03:15 PM

osv
CVE-2023-29933
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004
2023-05-05 03:15 PM

osv
CVE-2023-29932
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004
2023-05-05 03:15 PM

osv
CVE-2023-29942
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.8 | EPSS 0.0004
2023-05-05 03:15 PM

osv
CVE-2023-29935
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already...
CVSS 5.5 | AI Score 6.8 | EPSS 0.0004
2023-05-05 03:15 PM

osv
CVE-2023-29934
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004
2023-05-05 03:15 PM

Total number of security vulnerabilities: 104271