CVE Catalog

A vulnerability allowing information disclosure has been identified in Dräger Infinity Delta, Delta XL, and Kappa patient monitors. This issue allows unauthenticated network attackers to access log files over a network connection. The exposed log files can contain sensitive information such as device internals, location data, and wired network configuration details.

A vulnerability has been identified in the D.Launcher 2 component of the Slovak eID client ecosystem, specifically in versions prior to 2.0.7.0. This vulnerability involves improper processing of custom URL handlers, which could be exploited to initiate NTLM authentication or SMB connections to an attacker's infrastructure, facilitating Server Side Request Forgery (SSRF) attacks. Exploitation requires user interaction, as the victim must open a specially crafted URL.

A reflected cross-site scripting vulnerability has been identified in the Ahmad WP Job Portal plugin, affecting versions through 2.5.1. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.

A blind SQL injection vulnerability has been identified in the Ahmad WP Job Portal plugin, affecting versions through 2.5.1. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

A missing authorization vulnerability has been identified in the Five Star Restaurant Reservations plugin by Etoile Web Design, affecting versions through 2.7.14. This vulnerability arises from incorrectly configured access control security levels, allowing unprivileged users to perform actions reserved for higher privileges.

A broken access control vulnerability has been identified in the EventPrime WordPress plugin, affecting versions through 4.3.2.0. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.

A deserialization vulnerability allowing object injection has been identified in the Elated Themes Töbel WordPress theme, affecting versions through 1.8.1. This vulnerability could lead to various impacts, including code execution, SQL injection, path traversal, and denial of service, especially if a suitable property-oriented programming chain is exploited.

A deserialization vulnerability allowing object injection has been identified in the Elated Themes Aperitif WordPress theme, affecting versions through 1.6. This vulnerability arises from the improper handling of untrusted data, which could lead to various injection attacks, including code injection, SQL injection, and path traversal, especially if a suitable object injection chain is exploited.

A local file inclusion vulnerability has been identified in the Axiomthemes Crafti WordPress theme, affecting versions through 1.12. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion that could be exploited for local file inclusion instead.

A local file inclusion vulnerability has been identified in the UnboundStudio Accordion FAQ WordPress plugin, affecting versions through 2.2.1. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion.

A local file inclusion vulnerability has been identified in the Axiomthemes Confidant WordPress theme, affecting versions through 1.4. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion.

A path traversal vulnerability has been identified in Jupyter Server version 2.17.0. The issue arises from an improper root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The vulnerability allows unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments.

A stored cross-site scripting vulnerability has been identified in the Tiled Gallery Carousel Without JetPack plugin for WordPress, affecting all versions through 3.1. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when users access the affected pages.

A vulnerability allowing unsafe reflection has been identified in Apache Calcite versions 1.5.0 prior to 1.42. This issue arises from the use of externally controlled input to select classes or code, potentially leading to arbitrary code execution.

A vulnerability has been identified in Apache Kafka versions 4.0.0 prior to 4.3.0, related to improper authorization in the CONSUMER_GROUP_DESCRIBE API. The API incorrectly validates the DESCRIBE operation on GROUP resources instead of the READ operation, as specified in the official Kafka documentation and KIP-848. This misalignment can lead to Access Control List (ACL) misconfigurations, allowing users to gain unintended permissions or access sensitive group metadata.

A reflected cross-site scripting vulnerability has been identified in Wirtualna Uczelnia, affecting all versions through wu#2016.437.295#0#20260327_105545. The issue arises from improper handling of the locale parameter across multiple endpoints, allowing attackers to inject JavaScript into a crafted URL. When this URL is opened by a victim, the injected script executes in their browser.

A Server-Side Template Injection (SSTI) vulnerability has been identified in Wirtualna Uczelnia, allowing unauthenticated attackers to execute remote code on the server. This vulnerability is present in versions of Wirtualna Uczelnia through wu#2016.437.295#0#20260327_105545. The issue arises in the endpoint redirectToUrl, specifically within the redirectUrlParameter, where inadequate input validation enables the injection of arbitrary template expressions. Exploitation of this vulnerability could lead to the execution of remote commands, including the establishment of a reverse shell.

An LDAP filter injection vulnerability has been identified in Yandex Database versions prior to 25.3.1.25. This vulnerability allows remote attackers with valid LDAP credentials to bypass group membership checks, resulting in unauthorized access to the database.

A broken access control vulnerability has been identified in the ThimPress Thim Core WordPress plugin, affecting versions through 2.3.3. This vulnerability arises from missing authorization checks, which can be exploited to manipulate access control security levels improperly.

A missing authorization vulnerability has been identified in the ThimPress Thim Core WordPress plugin, affecting versions through 2.3.3. This vulnerability allows for arbitrary code execution, enabling malicious actors to execute unauthorized code on affected sites.

A broken access control vulnerability has been identified in the WordPress Constructor theme, specifically in versions through 1.6.5. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions.

A privilege escalation vulnerability has been identified in the Themeisle Masteriyo LMS PRO plugin, affecting versions through 2.20.0. This vulnerability allows users to escalate their privileges, potentially leading to full control over the website.

A broken access control vulnerability has been identified in the Printeers Print & Ship WordPress plugin, affecting versions through 1.17.0. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileged users.

A reflected cross-site scripting vulnerability has been identified in the UnboundStudio Accordion FAQ WordPress plugin, affecting versions through 2.2.1. This issue arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that are executed when users visit the affected page.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Remove NoFollow Commenter URL plugin for WordPress, affecting all versions through 1.0. The issue arises from inadequate nonce validation in the 'gmz_comment_settings_save' function, allowing unauthenticated attackers to alter the comment-display settings by sending a forged request, provided they can deceive a site administrator into clicking a link.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Google Plus One Bottom plugin for WordPress, affecting all versions through 0.0.2. The issue arises from inadequate nonce validation in the googlePlusOneAdmin function, allowing unauthenticated attackers to alter the plugin's settings. This includes options such as plusone-lang, plusone-callback, and plusone-url, which are stored in the database. The vulnerability can be exploited by tricking a site administrator into clicking a link that sends a forged request to modify these settings.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Laiser Tag plugin for WordPress, affecting all versions through 1.2.5. The issue arises from inadequate nonce validation in the addOptionsPageFields function, allowing unauthenticated attackers to manipulate the plugin's settings. This includes changes to the API key, tag blacklist, relevance threshold, batch size, and tagging toggles. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Tectite Forms plugin for WordPress, affecting all versions through 1.3. The issue arises from inadequate nonce validation in the admin_init function, allowing unauthenticated attackers to alter plugin settings, such as the tectite_forms_button option. This exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

A stored cross-site scripting vulnerability has been identified in the DeMomentSomTres Shortcodes plugin for WordPress, affecting all versions through 1.1.1. The issue arises from inadequate input sanitization and output escaping on the 'width' and 'align' attributes of the 'callout' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users view the affected page.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Remove Meta Boxes Per User Role plugin, affecting all versions up to and including 1.01. The vulnerability arises from inadequate nonce validation on the plugin's settings page, allowing unauthenticated attackers to alter or reset meta box visibility settings for different user roles. This exploitation requires tricking a site administrator into clicking a link that initiates the forged request.

A stored cross-site scripting vulnerability has been identified in the ZeM STL plugin for WordPress, affecting all versions up to and including 1.0. The issue arises from inadequate input sanitization and output escaping of user-supplied shortcode attributes, particularly the 'url', 'color', and 'bgcolor' parameters. These attributes are directly inserted into HTML attributes without proper escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. The injected scripts are executed when a user views the affected page.

A stored cross-site scripting vulnerability has been identified in the Easy Cart plugin for WordPress, affecting all versions through 1.8. The issue arises from inadequate input sanitization and output escaping on user-supplied shortcode attributes in the 'add_to_cart' shortcode. The vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts into pages, which are executed when users access the injected pages.

A Cross-Site Request Forgery (CSRF) vulnerability exists in the BirdSeed plugin for WordPress, affecting all versions up to and including 2.2.0. The issue arises from the birdseed_plugin_settings_page() function, which lacks proper nonce validation. This function processes the 'birdseed_token' GET parameter and updates the database with it via update_option(), without verifying a nonce. As a result, unauthenticated attackers can manipulate the plugin's BirdSeed token setting through a forged request, provided they can deceive a site administrator into taking an action, such as clicking a link.

A stored cross-site scripting vulnerability has been identified in the Word Replacer plugin for WordPress, affecting all versions through 0.4. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Administrator-level access to inject arbitrary scripts into pages. These scripts are executed when users access the compromised pages.

A vulnerability allowing authentication bypass has been identified in Prefect version 3.6.19. The issue arises from improper handling of URL path exemptions for health check probes, which allows unauthenticated access to certain API endpoints. The authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This vulnerability enables an attacker to create resources with names ending in 'health' or 'ready' and access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This flaw can lead to unauthorized access to sensitive information stored in Prefect Variables, such as API keys and database credentials.

A reflected cross-site scripting vulnerability has been identified in the hiWeb Migration Simple plugin for WordPress, affecting all versions through 2.0.0.1. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if an administrator is tricked into clicking a link.

A stored cross-site scripting vulnerability has been identified in the FPW Category Thumbnails plugin for WordPress, affecting all versions through 1.9.5. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Subscriber-level access or higher to inject arbitrary scripts. These scripts are executed when an administrator accesses the plugin's settings page.

A vulnerability exists in the Route resource of Red Hat OpenShift that allows for controlled injection into the HAProxy configuration. This issue arises from inadequate validation of the spec.path YAML stanza in Route documents, potentially leading to remote code execution.

A reflected cross-site scripting vulnerability has been identified in the Rognone plugin for WordPress, affecting versions through 0.6.2. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.

A reflected cross-site scripting vulnerability has been identified in the Rognone plugin for WordPress, affecting versions through 0.6.2. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link or performing a similar action.

A stored cross-site scripting vulnerability has been identified in the WP Nano AD plugin for WordPress, affecting all versions through 1.31. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator-level access to inject arbitrary scripts. This vulnerability is present in multi-site installations where unfiltered HTML is disabled.

A vulnerability exists in the Really Simple Security WordPress plugin in versions prior to 9.5.10.1, where the second-factor authentication challenge is not properly enforced in two REST endpoints. This flaw allows an attacker who knows a user's password to bypass the email OTP requirement and gain a WordPress authentication session for that user.

A privilege escalation vulnerability has been identified in the Kirki WordPress plugin, specifically in versions 6.0.0 to 6.0.6. This vulnerability allows unauthenticated attackers to take over user accounts by exploiting the password reset functionality. The plugin improperly validates email addresses, enabling attackers to redirect password reset links intended for other users to their own email accounts.

An authorization bypass vulnerability has been identified in MLflow version 3.9.0 when using basic authentication. The issue arises because the application fails to enforce authorization checks for several Gateway API 'list' endpoints. Specifically, the 'BEFORE_REQUEST_HANDLERS' dictionary does not include necessary entries for 'ListGatewaySecretInfos', 'ListGatewayEndpoints', and 'ListGatewayModelDefinitions'. As a result, any authenticated user can enumerate all gateway secrets, endpoints, and model definitions, exposing sensitive information such as API keys, endpoint configurations, and proprietary model definitions to unauthorized users.

A server-side request forgery (SSRF) vulnerability has been identified in nextlevelbuilder GoClaw versions through 3.11.3. The issue resides in the TTS Configuration Endpoint, specifically within the Import function of the file internal/http/tts_config.go. This vulnerability allows authenticated users with administrative privileges to inject malicious API base URLs, which the application backend subsequently contacts without proper validation. As a result, external attackers can exploit this to interact with internal resources, such as private subnets or cloud metadata services.

A server-side request forgery (SSRF) vulnerability has been identified in DedeCMS version 5.7.88. The issue arises in the base64_decode function within the file download.php, when the Link argument is manipulated. This vulnerability allows for remote exploitation.

A buffer overflow vulnerability has been identified in the UPnP DeletePortMapping() command of the Zyxel VMG4005-B50B router. This vulnerability affects firmware versions through 5.13(ABRL.5.4)C0. An adjacent attacker could exploit this vulnerability to cause a temporary denial-of-service condition, disrupting the UPnP functionality of the device. The issue can only be exploited within a LAN or WLAN environment.

A buffer overflow vulnerability has been identified in the Zyxel VMG4005-B50B router, specifically in the UPnP AddPortMapping() command. This vulnerability affects firmware versions through 5.13(ABRL.5.4)C0. An adjacent attacker could exploit this vulnerability to cause a temporary denial-of-service condition, disrupting the UPnP functionality of the device. The issue can only be exploited within a LAN or WLAN environment.

A stored cross-site scripting vulnerability has been identified in the WordPress plugin 'Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)' in all versions through 4.9. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject arbitrary web scripts into pages. The injected scripts execute when a user accesses the compromised page.

A SQL injection vulnerability has been identified in the Itsourcocode Fees Management System version 1.0. The issue arises in the file '/manage_payment.php', where the 'id' parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, but requires authentication.