CVE-2023-50224
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 17 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execut...
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'un...
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function...
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and includ...
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return ra...
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Te...
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the clou...
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input conf...
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on ...
Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects e...
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1.
Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to ...
The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuratio...
The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol p...
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection. This issue affects Custom Post Type Images: from n/a through 0.5.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on t...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress allows Cross Site Request Forgery
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PHP Local File Inclusion
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable
Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection
Authlib is a Python library which builds OAuth and OpenID Connect servers
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments
Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL allows Privilege Escalation
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Authentication Bypass
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus@hotmail
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc
A security flaw has been discovered in B-Link BL-AC2100 up to 1
A vulnerability was found in D-Link DCS-935L up to 1
A security vulnerability has been detected in D-Link DIR-513 A1FW110
A vulnerability has been found in Tenda AC23 up to 16
The Sound4 PULSE-ECO AES67 1
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation
In 2wcom IP-4c 2
Creacast Creabox Manager 4
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection
A vulnerability was identified in Tenda AC20 up to 16
A vulnerability was identified in Tenda AC21 16
A flaw was found in Libtiff
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability
Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection
Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect
The txtai framework allows the loading of compressed tar files as embedding indices
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability
A flaw was found in the Lightspeed history service
Flag Forge is a Capture The Flag (CTF) platform
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials
IBM webMethods Integration 10
Creacast Creabox Manager 4
Flowise is a drag & drop user interface to build a customized large language model flow
A vulnerability was identified in Campcodes Online Learning Management System 1
A security flaw has been discovered in Campcodes Online Learning Management System 1
A weakness has been identified in Campcodes Online Learning Management System 1
A security vulnerability has been detected in Campcodes Online Learning Management System 1
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1
A flaw has been found in Campcodes Grocery Sales and Inventory System 1
A vulnerability was determined in SourceCodester Online Hotel Reservation System 1
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1
A weakness has been identified in code-projects Online Bidding System 1
A vulnerability was detected in code-projects E-Commerce Website 1
A vulnerability has been found in code-projects Online Bidding System 1
A vulnerability was found in code-projects Hostel Management System 1
A vulnerability was determined in code-projects Hostel Management System 1
A vulnerability was identified in code-projects Hostel Management System 1
A security flaw has been discovered in code-projects Hostel Management System 1
A weakness has been identified in itsourcecode Online Discussion Forum 1
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1
A flaw has been found in code-projects Online Bidding System 1
A weakness has been identified in Campcodes Farm Management System 1
A security vulnerability has been detected in Campcodes Online Learning Management System 1
Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD
A vulnerability was detected in Campcodes Online Learning Management System 1
A flaw has been found in code-projects Hostel Management System 1
A vulnerability has been found in code-projects Hostel Management System 1
A vulnerability was found in code-projects Hostel Management System 1
A security flaw has been discovered in Jinher OA 2
A weakness has been identified in Campcodes Online Learning Management System 1
A vulnerability was detected in Campcodes Computer Sales and Inventory System 1
A flaw has been found in Campcodes Computer Sales and Inventory System 1
A vulnerability has been found in Campcodes Computer Sales and Inventory System 1
A vulnerability was found in SourceCodester Pet Grooming Management Software 1
A vulnerability was determined in 1000projects Bookstore Management System 1
A vulnerability was identified in itsourcecode Open Source Job Portal 1
A weakness has been identified in SourceCodester Pet Grooming Management Software 1
A security vulnerability has been detected in code-projects Online Bidding System 1
A vulnerability was detected in code-projects Online Bidding System 1
A flaw has been found in Reservation Online Hotel Reservation System 1
A security flaw has been discovered in Campcodes Gym Management System 1
A security flaw has been discovered in Campcodes Point of Sale System POS 1
CubeCart is an ecommerce software solution
Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Reflected XSS
Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in wpdirectorykit Sweet Energy Efficiency allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection allows Stored XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS