CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
WordPress Classified Listing Plugin Path Traversal Vulnerability Allowing Arbitrary File Download
A path traversal vulnerability has been identified in the WordPress Classified Listing plugin, specifically in versions through 5.3.8. This vulnerability allows for arbitrary file download, enabling attackers to download any file from the affected website, including sensitive files such as login credentials or backup files.
Liquid Web StellarWP GiveWP DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the Liquid Web StellarWP GiveWP plugin, affecting versions through 4.14.5. This issue arises from improper input neutralization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.
Ben Balter WP Document Revisions Missing Authorization Vulnerability Allowing Access Control Exploitation
A broken access control vulnerability has been identified in the WP Document Revisions plugin by Ben Balter, affecting versions through 3.8.1. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
myCred WordPress Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the myCred WordPress plugin, affecting versions through 3.0.4. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
Themefic Hydra Booking Missing Authorization Vulnerability Allowing Broken Access Control
A broken access control vulnerability has been identified in the Themefic Hydra Booking WordPress plugin, affecting versions through 1.1.41. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
WordPress Advanced Access Manager Plugin Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in the WordPress Advanced Access Manager plugin, specifically in versions through 7.1.0. URL encoding can be used to bypass authentication mechanisms within the plugin.
Logtivity WordPress Plugin Sensitive Data Exposure Vulnerability
A vulnerability allowing the exposure of sensitive information has been identified in the Logtivity WordPress plugin, specifically in the Activity Logs, User Activity Tracking, and Multisite Activity Log features. This issue affects versions through 3.3.6.
WP Directory Kit SQL Injection Vulnerability
A blind SQL injection vulnerability has been identified in the WP Directory Kit WordPress plugin, affecting versions through 1.5.1. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.
WordPress GeoDirectory Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress GeoDirectory plugin, affecting versions through 2.8.157. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.
European Space Agency AnomalyMatch Unsafe Deserialization Vulnerability Leading to Arbitrary Code Execution
A vulnerability exists in European Space Agency (ESA) AnomalyMatch versions prior to 1.3.1, allowing attackers to execute arbitrary code by exploiting unsafe deserialization in the model checkpoint loader. The application loads model files from session directories using torch.load() with unrestricted deserialization, creating a risk when maliciously crafted checkpoint files are introduced into the workflow.
FlexRIC Reachable Assertion Vulnerability in E2AP Message Handlers
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from reachable assert(0) calls in the near-RT RIC's stub message handlers for E2AP message types that are whitelisted but not implemented. A remote, unauthenticated attacker can exploit this vulnerability by sending a decodable E2AP PDU of such a type, such as E2nodeConfigurationUpdate, to crash the near-RT RIC process on port 36421. The message successfully passes whitelist validation but triggers an unconditional assertion failure in the handler, causing the process to abort and terminate the service.
FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the iApp receives an 'E42_RIC_SUBSCRIPTION_REQUEST' with an empty 'ricEventTriggerDefinition' field. The E42 layer decoder incorrectly accepts this as valid, creating a cross-layer validation mismatch. When the request is forwarded to the E2AP encoder, it asserts that the event trigger must be non-empty, causing the iApp process to crash. This vulnerability allows a remote, unauthenticated attacker to exploit the validation gap and terminate the iApp process via a SIGABRT signal, disrupting service.
FlexRIC Duplicate E2 Setup Request Assertion Crash Vulnerability
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the application receives duplicate E2_SETUP_REQUEST messages from the same or a spoofed E2 node. The iApp registry incorrectly handles duplicate node IDs by using an assertion to enforce uniqueness, rather than rejecting duplicates gracefully. This flaw allows a remote, unauthenticated attacker to crash the iApp process by sending two E2_SETUP_REQUESTs with identical E2 node configurations, causing the application to abort.
FlexRIC Reachable Assertion Vulnerability in iApp Message Dispatcher Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from a reachable assertion in the iApp message dispatcher, which validates incoming E2AP messages against a fixed whitelist of nine entries. A remote, unauthenticated attacker can exploit this vulnerability by sending any decodable E2AP Protocol Data Unit (PDU) with a message type not included in the whitelist. This exploitation causes the iApp process to crash by triggering a SIGABRT signal. In common deployments, the iApp and near-RT RIC share a single process, so this crash terminates the entire RIC service, disconnecting all E2 Nodes and xApps.
FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from hardcoded assertions that validate Information Element (IE) counts in decoded E2AP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a valid E2AP Protocol Data Unit (PDU) with an unexpected number of IEs, such as an E2setupRequest containing extra optional fields. This causes the near-RT RIC or iApp process to terminate with a SIGABRT signal. The vulnerability exists because the decoder asserts exact IE counts instead of validating them against protocol-specified ranges, so variations in otherwise valid E2AP messages can cause a process-level crash.
OpenSC Buffer Overflow Vulnerability in pkcs11-tool Key Generation Module
A buffer overflow vulnerability has been identified in OpenSC versions through 0.26.1. This issue resides in the pkcs11-tool component, specifically within the test_kpgen_certwrite function of the pkcs11-tool.c file. The vulnerability allows for a global buffer overflow during key pair generation tests because the length of the CKA_ID attribute returned from PKCS#11 tokens or smart cards is improperly validated. This flaw can be exploited remotely, although the attack's complexity is considered high.
Indrasishbanerjee AEM MCP Server Server-Side Request Forgery Vulnerability
A server-side request forgery (SSRF) vulnerability exists in Indrasishbanerjee AEM MCP Server versions prior to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. The vulnerability arises in the 'getAssetMetadata' function within 'src/mcp-server.ts', part of the Axios Request Flow. The issue allows remote attackers to manipulate the 'assetPath' argument, leading to unauthorized outbound requests from the server to an attacker-specified destination.
php-censor Command Injection Vulnerability in Webhook Endpoint Allows Remote Code Execution
A command injection vulnerability has been identified in php-censor versions through 2.1.6. This issue resides in the Webhook Endpoint, specifically within the GitBuild model. The vulnerability allows for operating system command injection by manipulating the commitId parameter, which is passed unsanitized into shell commands. This flaw can be exploited remotely, and the injected commands are executed with root privileges in the default Docker deployment.
a4m4 Student Management System Unauthenticated Access Vulnerability in Admin Delete and Update Scripts
A vulnerability exists in a4m4 Student-Management-System versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The issue arises in the admin/deleteform.php file, where an unknown function improperly authorizes requests. This vulnerability allows unauthenticated users to delete student records remotely, potentially leading to significant data loss and integrity issues. The admin/updatedata.php script is also affected, allowing unauthorized modifications of student information. The absence of session validation in these scripts means that actions can be performed anonymously, without any logging or traceability.
A4m4 Student Management System Admin Endpoint Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in the A4m4 Student Management System in the admin directory. This flaw affects an unknown function within the admin endpoint component, in versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The vulnerability arises because the access control mechanism fails to properly terminate script execution after sending a redirect header. As a result, unauthorized users can access protected pages and administrative functionalities remotely. The issue has been publicly disclosed and exploited.
D-Link DI-7001 MINI Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
A stack-based buffer overflow vulnerability has been identified in the D-Link DI-7001 MINI router, in firmware versions through 19.09.19A1. The issue arises in the API component, specifically within the 'httpd_debug.asp' file. The vulnerability is triggered by manipulating the 'Time' parameter, which is not properly validated before being processed by the 'sprintf' function. This oversight allows remote attackers to overflow a fixed-size buffer, potentially leading to arbitrary code execution or a denial-of-service condition.
Decolua 9router Improper Authorization Vulnerability in HTTP Header Handler
A vulnerability allowing improper authorization has been identified in Decolua 9router versions through 0.4.0. The issue arises in the HTTP Header Handler component, specifically within the 'isAuthenticated' function of 'src/dashboardGuard.js'. The vulnerability can be exploited remotely by manipulating the 'Host' header, potentially allowing unauthorized access to sensitive API endpoints such as '/api/keys' and '/api/settings'.
Janet-Lang Janet Signed Integer Overflow Vulnerability in Fiber Deserialization
A signed integer overflow vulnerability has been identified in the Janet programming language, specifically in versions through 1.41.0. The issue arises in the 'unmarshal_one_fiber' function within 'src/core/marsh.c', where an attacker can manipulate serialized data to cause an overflow. This vulnerability can be exploited locally, leading to allocation-size corruption. The issue has been publicly disclosed, and a patch is available.
Poppler Integer Overflow Vulnerability in Splash Backend Leading to Heap Buffer Overflow
A heap-based memory corruption vulnerability has been identified in Poppler's Splash backend. This flaw arises from an integer overflow in the 'tilingPatternFill' function, which can be exploited by a remote attacker. When a maliciously crafted PDF file is processed, the overflow causes an undersized heap memory allocation, allowing for an out-of-bounds write. Such exploitation could lead to arbitrary code execution, unauthorized information disclosure, or a denial-of-service condition in the application handling the PDF.
Tychon OpenSSL Privilege Escalation Vulnerability Allowing Arbitrary Code Execution
A privilege escalation vulnerability has been identified in Tychon due to its OpenSSL component, which allows an unprivileged user on Windows to control the OPENSSLDIR variable. Tychon includes a privileged service that utilizes this OpenSSL component. By placing a specially-crafted openssl.cnf file in a designated path, a user may execute arbitrary code with SYSTEM privileges.
Disig Web Signer Remote Code Execution Vulnerability
A critical remote code execution vulnerability has been identified in Disig Web Signer versions from 2.0.3 up to, but not including, 2.5.3. This vulnerability affects the application on Windows, macOS, and Linux operating systems.
WordPress AIWU Plugin Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the WordPress AIWU plugin, specifically in versions through 1.4.17. This vulnerability allows low-privileged users to escalate their privileges, potentially leading to full control of the website.
Rocketgenius Gravity Forms Path Traversal Vulnerability Allowing Arbitrary File Deletion
A path traversal vulnerability has been identified in the Rocketgenius Gravity Forms WordPress plugin, allowing for arbitrary file deletion. This issue affects versions of Gravity Forms through 2.10.0.1.
ThimPress LearnPress Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the ThimPress LearnPress WordPress plugin, affecting versions through 4.3.6. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.
VeronaLabs WP Statistics Plugin Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WP Statistics plugin by VeronaLabs, affecting versions through 14.16.6. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the site.
Lightweight Music Server Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in Lightweight Music Server (LMS) versions through 3.76.0. This vulnerability allows attackers to execute arbitrary JavaScript by embedding malicious HTML into media file metadata tags such as GENRE, ARTIST, or ALBUM. Once a crafted media file is introduced into the victim's library, the malicious payload is saved during the library scanning process. The stored content is then rendered in the web interface without proper sanitization, which triggers the vulnerability.
VikBooking Hotel Booking Engine & PMS DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the VikBooking Hotel Booking Engine & PMS WordPress plugin, affecting versions through 1.8.8. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.
Tomdever wpForo Forum Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the Tomdever wpForo Forum plugin, affecting versions through 3.0.6. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.
E2Pdf WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the E2Pdf WordPress plugin, specifically in versions through 1.32.14. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.
WordPress Contest Gallery Pro Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the WordPress Contest Gallery Pro plugin, affecting versions through 29.0.1. This vulnerability allows unauthorized users to gain elevated privileges, potentially leading to full control of the website.
KAMSOFT KS-SOMED Hard-Coded Credentials Vulnerability Allowing Unauthorized FTP Access
A vulnerability in KAMSOFT KS-SOMED exists due to hard-coded credentials that grant unauthorized access to an FTP server hosting the application's update packages. This issue affects KS-SOMED modules 'KSPLUPDFTP.exe' versions prior to 30.00.00.056 and 'ANEKSKLIENT.EXE' versions prior to 29.00.02.026. With the hard-coded credentials, an attacker could upload a malicious update file that might be distributed and installed on client machines as a legitimate update.
EURECOM FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in EURECOM FlexRIC version 2.0.0. The issue arises in the near-RT RIC component when it receives a RIC_SUBSCRIPTION_RESPONSE containing an unknown ric_id without a corresponding pending event. The response handling process, which relies on an assertion to verify the existence of a pending event, fails and causes the application to crash. This vulnerability can be exploited by a remote, unauthenticated attacker who sends a forged RIC_SUBSCRIPTION_RESPONSE over SCTP to port 36421.
EURECOM FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in EURECOM FlexRIC version 2.0.0. The issue arises when an SCTP association is closed before an E2_SETUP_REQUEST is sent, causing the near-RT RIC to crash. This occurs because the RIC expects a mapping between the SCTP association and the E2 node to always be present during the cleanup process. A remote, unauthenticated attacker can exploit this vulnerability by completing an SCTP handshake and disconnecting immediately without sending any E2AP message, thereby causing the RIC process to terminate.
OpenShift Container Platform ResourceQuota Bypass Vulnerability Leading to API Performance Degradation
A vulnerability exists in OpenShift Container Platform that allows non-privileged users to bypass ResourceQuota pod limits. Completed pods with a restartPolicy of 'Never' do not count towards ResourceQuota limits, and Kubernetes events are not scoped to these quotas. This flaw can be exploited by users who can create pods in a namespace, enabling them to generate a large volume of unscoped events that accumulate in etcd. This accumulation causes a degradation in API server performance across the cluster.
Janet-lang Janet Out-of-Bounds Read Vulnerability in Debug Function
A security vulnerability allowing out-of-bounds read has been identified in Janet-lang's Janet programming language, specifically in versions up to 1.41.0. The issue arises in the 'doframe' function within 'src/core/debug.c', where the 'slot_index' from the symbol map is read without proper bounds checking. This flaw can be exploited locally by manipulating the 'slot_index' value in the symbol map, which is populated from untrusted marshaled data. The exploitation of this vulnerability could lead to unauthorized access to adjacent heap memory, potentially causing information disclosure or a denial-of-service condition by crashing the application.
itsourcecode Content Management System SQL Injection Vulnerability in edit_topic.php
A SQL injection vulnerability exists in the itsourcecode Content Management System version 1.0, specifically within the file /admin/edit_topic.php. The vulnerability arises because the application does not properly sanitize the 'topic_id' parameter, allowing attackers to inject malicious SQL queries. This issue can be exploited remotely, potentially leading to unauthorized database access, data manipulation, and other serious security risks.
WhatsApp MCP Path Traversal Vulnerability in Send API Endpoint
A path traversal vulnerability has been identified in WhatsApp MCP version 0.0.1. The issue arises in the SendMessageRequest function within the whatsapp-bridge component, specifically in main.go. The vulnerability allows arbitrary file reads by manipulating the mediaPath argument, which is passed to the os.ReadFile() function without proper validation or sanitization. This exploitation could lead to unauthorized access to sensitive files on the server.
SourceCodester Computer Repair Shop Management System SQL Injection Vulnerability in Product Management
A SQL injection vulnerability has been identified in SourceCodester Computer Repair Shop Management System, specifically in version 1.0. The issue arises in the file '/admin/products/manage_product.php', where the 'id' parameter is not properly validated or sanitized. This flaw allows remote attackers to manipulate the parameter and execute malicious SQL queries, potentially leading to unauthorized data access or modification.
Code-Projects Real State Services SQL Injection Vulnerability in Login Component
A SQL injection vulnerability has been identified in Code-Projects Real State Services version 1.0. The issue resides in the Login component, specifically within the loginuser.php file. The vulnerability is triggered by manipulating the Username parameter, allowing attackers to inject malicious SQL queries. This exploitation can be performed remotely, posing a significant risk to the application's database integrity and security.
CodeAstro Online Job Portal SQL Injection Vulnerability
A SQL injection vulnerability has been identified in CodeAstro Online Job Portal version 1.0, specifically within the 'application_status.php' file. The issue arises from inadequate validation of the 'id' parameter, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.
CodeAstro Online Job Portal SQL Injection Vulnerability in Jobs Administration Delete Function
A SQL injection vulnerability has been identified in CodeAstro Online Job Portal version 1.0. The issue arises in the jobs administration delete function, specifically within the delete-jobs.php file. The vulnerability allows remote attackers to manipulate the 'id' parameter, injecting malicious SQL code that is executed without proper validation or sanitization. This exploitation could lead to unauthorized database access, data modification or deletion, and exposure of sensitive information.
H3C Magic B0 Stack-Based Buffer Overflow Vulnerability in SetMobileAPInfoById Function
A stack-based buffer overflow vulnerability has been identified in the H3C Magic B0 router, affecting firmware versions through 100R002. The vulnerability arises in the SetMobileAPInfoById function within the /goform/aspForm file. This issue can be exploited remotely by manipulating the 'param' argument, leading to potential denial-of-service conditions or arbitrary code execution.
Poly Voice Products Buffer Overflow Vulnerability Leading to Remote Code Execution
A buffer overflow vulnerability has been identified in certain Poly Voice products on the Linux platform. When the admin enables Interactive Connectivity Establishment (ICE), this vulnerability could be exploited to allow remote code execution.
GPAC Project MP4Box Segmentation Violation Vulnerability in Color Info Function Allowing Denial-of-Service
A segmentation violation vulnerability has been identified in the GPAC Project MP4Box, specifically in versions prior to 26.02.0. The issue arises in the 'gf_media_get_color_info' function within 'media_tools/isom_tools.c'. This vulnerability allows attackers to cause a denial-of-service by supplying a crafted data file that exploits inconsistencies in video sample entries.
GPAC MP4Box Heap Use-After-Free Vulnerability in Dasher Module Causes Denial-of-Service
A heap use-after-free vulnerability has been identified in the GPAC Project's MP4Box, specifically in versions prior to 26.02.0. The issue arises in the dasher_process function within the dasher.c file. When the software processes crafted MPEG-2 Transport Stream files that contain corrupted Program Map Table descriptors and repeated sync marker violations, the dasher module improperly manages PID context memory. This mismanagement leads to a use-after-free condition, where a freed pointer is accessed again, causing a heap memory corruption that can crash the application and potentially allow arbitrary code execution.
