Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.

Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.

Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions.

Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.

Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.

Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authentic...

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to...

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kub...

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all ver...

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move i...

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM ...

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed...

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SM...

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.