Monitor and prioritize what really matters — the 1% of vulnerabilities that can cause real impact.
This vulnerability is an unauthenticated arbitrary file upload flaw in the Balbooa Forms extension for Joomla. The root cause lies in insufficient validation and sanitization of uploaded files within the form submission handler, allowing executable files to be accepted and stored. The affected component is the file upload functionality of the Balbooa Forms Joomla extension, which fails to restrict file types or enforce authentication checks before processing uploads.
This vulnerability is an unauthenticated arbitrary file upload flaw stemming from improper input validation in the Blocksy Companion Pro WordPress plugin prior to version 2.1.47. The root cause is a flawed substring check using strpos() in the Custom Fonts extension, which incorrectly validates file extensions by allowing double-extension filenames to bypass the extension filter. The affected component is the save_attachments function exposed via the Advanced Reviews feature, which processes uploaded files without adequate sanitization.
This vulnerability is an OS command injection caused by improper handling of input in the unauthenticated POST /api/tunnel/tailscale-install endpoint of 9Router. The sudoPassword parameter from the request body is directly passed to the stdin of a 'sudo -S sh' child process without validation or sanitization. The affected component is the tailscale-install API route, which lacks authorization checks due to exclusion from the dashboard middleware matcher.
This vulnerability is an arbitrary file upload flaw caused by improper validation of file extensions in the Divi Form Builder plugin's do_image_upload() function. The root cause lies in the direct interpolation of user-supplied input from the acceptFileTypes POST parameter into a regular expression used for file validation. This affects the file upload component responsible for restricting executable file types, allowing bypass of intended security controls.
This vulnerability is an unauthenticated remote code execution (RCE) flaw caused by improper handling of user-supplied input in the Blocksy Companion Pro WordPress plugin, specifically versions up to and including 2.1.46. The root cause lies in insecure dynamic code evaluation that allows execution of arbitrary code without authentication. The affected component is the plugin’s backend functionality responsible for processing certain requests, which fails to sanitize or validate input before execution.
This vulnerability is a path traversal flaw caused by insufficient validation of user-supplied file path inputs within Adobe ColdFusion. The affected component improperly restricts pathname access, allowing attackers to traverse directories outside intended boundaries. This weakness occurs in ColdFusion versions 2023 and earlier, impacting the file handling mechanisms responsible for directory access control.
This vulnerability is an unauthenticated arbitrary file upload flaw in the JoomlaCK.fr Page Builder CK extension for Joomla. The root cause lies in insufficient validation and filtering of uploaded files within the extension's file upload functionality. The affected component is the file upload handler that processes incoming files without proper authentication or content-type restrictions, enabling malicious payloads to be uploaded.
This vulnerability is an unauthenticated Cross-Site Scripting (XSS) flaw arising from improper sanitization of user-supplied input in the MapPress Maps for WordPress plugin, specifically versions up to 2.97.3. The issue resides in the plugin's handling of map-related parameters that are rendered in the frontend without adequate encoding or filtering, affecting the map display component responsible for embedding Google Maps within WordPress posts or pages.
The vulnerability is an Insecure Direct Object Reference (IDOR) affecting the /api/v1/responses endpoint of the langflow-ai langflow product. The root cause is insufficient authorization validation allowing authenticated users to specify arbitrary flow IDs belonging to other users. This flaw resides in the API's access control mechanism for flow execution requests prior to version 1.9.1.
This vulnerability is an unrestricted file upload flaw in the SP Page Builder extension for Joomla. The root cause is insufficient validation and sanitization of uploaded files, allowing unauthenticated users to upload arbitrary files, including executable PHP scripts. The affected component is the file upload functionality within the SP Page Builder extension.
This vulnerability is a Local File Inclusion (LFI) flaw in the BetterDocs Pro WordPress plugin, specifically affecting versions up to 3.8.0. The root cause lies in insufficient input validation of the `doc_style` parameter, which allows an attacker to manipulate file inclusion logic. The affected component is the file inclusion mechanism within the plugin that processes the `doc_style` parameter without proper sanitization, enabling arbitrary file inclusion on the server.
This vulnerability is an arbitrary file deletion flaw rooted in improper validation of file paths within the maybe_delete_files function of the Avada (Fusion) Builder plugin for WordPress. The issue arises from insufficient sanitization of user-supplied input, enabling path traversal attacks. The affected component is the Fusion_Form_DB_Privacy cleanup routine triggered during shutdown, which processes database entries related to form submissions.
This vulnerability is a remote code execution flaw resulting from insecure deserialization of untrusted data within PTC Windchill PDMLink and FlexPLM components. Specifically, the deserialization process fails to properly validate or sanitize incoming serialized objects, allowing malicious payloads to be executed during object reconstruction. The affected components include all CPS versions and Windchill/FlexPLM releases prior to 11.0 M030, where the deserialization functionality is exposed to network input.
This vulnerability is a path traversal flaw (CWE-22) in the file upload functionality of Cisco Catalyst SD-WAN Manager's web UI. The root cause is improper validation of user-supplied input during the file upload process, allowing crafted input to manipulate file paths. The affected component is the API endpoint handling file uploads within the web management interface.
This vulnerability is a Broken Access Control flaw affecting Really Simple SSL plugin versions up to 9.5.9. The root cause lies in improper enforcement of subscriber-level permissions, allowing unauthorized users to access or manipulate functions intended for higher privilege roles. The affected component is the subscriber access control mechanism within the plugin's permission validation logic.
This vulnerability is a symbolic link (symlink) traversal issue in the LiteSpeed cPanel plugin and LiteSpeed WHM plugin components. The root cause lies in improper validation and handling of user-supplied symlink paths within the plugin's file management routines. Specifically, the plugin fails to correctly restrict symlink resolution for users with FTP or web shell access on shared hosting environments using CloudLinux/CageFS, enabling unauthorized access to filesystem locations outside intended boundaries.
This vulnerability is an authentication bypass caused by improper validation of OIDC identity tokens within SimpleHelp's authentication flow. The flaw arises because the system accepts identity tokens without verifying their cryptographic signatures. The affected component is the OIDC authentication mechanism in SimpleHelp versions 5.5.15 and earlier, as well as 6.0 pre-release versions.
This vulnerability is a Stored Cross-site Scripting (XSS) flaw caused by improper neutralization of user-supplied input during web page generation in the SliceWP WordPress plugin. The root cause lies in the plugin's failure to sanitize or encode input data before rendering it in the affected component, allowing malicious scripts to be stored and executed in users' browsers. The issue affects SliceWP versions up to and including 1.2.6.
This vulnerability is a Blind SQL Injection affecting the Product Filter by WBW WordPress plugin up to version 3.1.2. The root cause is improper neutralization of special SQL command elements within user-supplied input, allowing crafted queries to be injected into the backend database. The flaw resides in the plugin's filtering functionality that processes user input without adequate sanitization or parameterization.
This vulnerability is a Blind SQL Injection resulting from improper neutralization of special elements in SQL commands within Beardev JoomSport. The root cause lies in insufficient input sanitization of user-supplied data that is directly incorporated into SQL queries without parameterization or escaping. The affected component is the JoomSport plugin for WordPress, specifically versions up to and including 5.7.7, where database query construction fails to properly handle malicious input.
This vulnerability is an Incorrect Privilege Assignment flaw rooted in improper access control mechanisms within the Hippoo Mobile App for WooCommerce plugin. The issue arises because certain privileged functions or administrative features are accessible without proper authorization checks. The affected component is the privilege management system in versions up to 1.9.4, which fails to enforce restrictions on user capabilities, allowing unauthorized privilege escalation.
This vulnerability is an authentication bypass affecting the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. The root cause lies in improper access control mechanisms that allow unauthenticated network requests over HTTP to interact with privileged environment management functions. This flaw enables attackers to bypass normal authentication checks within the PeopleTools update management interface.
This vulnerability is an authentication bypass affecting the PostgreSQL sidecar service endpoint in Splunk Enterprise. The root cause is the absence of authentication controls on this endpoint, which allows unauthenticated network users to invoke file operations. The affected component is the PostgreSQL sidecar service integrated within Splunk Enterprise versions prior to 10.2.4 and 10.0.7.
This vulnerability is a deserialization flaw in Jenkins core and plugins, allowing unsafe processing of attacker-controlled XML data. The root cause is insecure deserialization of arbitrary types from the `config.xml` submission, which is part of Jenkins' configuration management. The affected components include Jenkins versions 2.567 and earlier, and LTS 2.555.2 and earlier, specifically the configuration XML handling mechanism.
The vulnerability is an OS command injection rooted in improper input validation within Ivanti Sentry's command execution routines. Specifically, the affected component fails to sanitize user-supplied input before passing it to underlying system shell commands. This flaw exists in versions prior to R10.5.2, R10.6.2, and R10.7.1, impacting the command processing mechanism that interfaces with the operating system shell.
This vulnerability is an out-of-bounds read and write flaw occurring within the V8 JavaScript engine of Google Chrome. The root cause lies in improper bounds checking during memory operations, allowing access beyond allocated buffer limits. The affected component is the V8 engine, which handles JavaScript execution within the browser sandbox environment.
This vulnerability is an authentication bypass caused by a logic flaw in the certificate validation process within the deprecated IKEv1 key exchange protocol. The affected component is the Remote Access and Mobile Access feature of the Check Point Quantum Security Gateway. The root cause lies in improper handling of certificate validation logic flow, which allows bypassing normal authentication checks during VPN establishment.
This vulnerability is a protocol decapsulation validation flaw affecting Arista Networks EOS tunnel processing components. Specifically, the switch fails to verify the tunnel protocol type when decapsulating packets on VXLAN, decap-groups, or GRE tunnel interfaces. This improper validation causes the device to incorrectly process tunneled packets with a destination IP matching its configured decapsulation IP regardless of the actual tunnel protocol, leading to unintended packet forwarding behavior.
The vulnerability is an improper validation flaw related to the specified quantity input within the Product Slider Pro for WooCommerce plugin by ShapedPlugin, LLC. The root cause lies in insufficient sanitization and verification of user-supplied quantity parameters, allowing malicious data to bypass input controls. This flaw affects the input handling logic of the product quantity specification feature in versions prior to 3.5.4.
The vulnerability is an authentication bypass in the Joomla Content Editor (JCE) extension for Joomla, allowing unauthenticated users to create new editor profiles. This flaw arises from improper access control validation in the profile creation component of the JCE editor. The affected feature is the editor profile management functionality within the JCE extension, which fails to restrict profile creation to authorized users only.
This vulnerability is a denial-of-service condition caused by improper handling of HTTP POST requests with Content-Encoding set to deflate. The root cause lies in the Serv-U service's inability to correctly process specially crafted compressed payloads, leading to resource exhaustion or crash. The affected component is the Serv-U FTP server's HTTP request parsing logic, which does not require authentication to be triggered.
This vulnerability is a server-side request forgery (SSRF) arising from improper input validation of specific HTTP requests in Cisco Unified Communications Manager and its Session Management Edition. The flaw exists within the WebDialer service component, which processes HTTP requests without sufficient sanitization, allowing crafted requests to manipulate internal server behavior. The root cause is the lack of validation on input parameters that control file operations on the underlying operating system.
This vulnerability is a SQL Injection affecting the ARMember Premium WordPress plugin, specifically within the arm_get_directory_members() function. The root cause is insufficient escaping and lack of proper parameterization of user-supplied 'order' and 'orderby' inputs in the SQL query construction. The flaw resides in the 'arm_directory_paging_action' AJAX handler, which processes these parameters without adequate sanitization.
This vulnerability is a privilege escalation flaw caused by improper validation in the password reset functionality of the Kirki – Freeform Page Builder plugin for WordPress. The root cause lies in the plugin accepting an arbitrary email address when a username is submitted during a password reset request. The affected component is the password reset handler within the plugin's form processing logic, which fails to verify that the email corresponds to the username provided.
This vulnerability is a remote code execution flaw arising from improper handling of block registration and rendering in the Spectra Gutenberg Blocks plugin. The root cause is the ability for authenticated users with Contributor-level privileges or higher to register arbitrary block types prefixed with 'uagb-' and assign attacker-controlled render callbacks. During sequential block rendering, the plugin invokes these callbacks via call_user_func(), enabling execution of arbitrary PHP code on the server.
This vulnerability is a privilege escalation flaw caused by improper access control in the WP Maps Pro WordPress plugin. The root cause lies in the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_, allowing unauthenticated access. The protection relies solely on a nonce embedded in the frontend JavaScript, which is publicly accessible, rendering the nonce check ineffective as an authentication barrier.
This vulnerability arises from the publication of a maliciously altered version of the Nx Console extension (version 18.95.0) for Visual Studio Code and OpenVSX. The root cause is the distribution of a compromised package through official extension marketplaces, affecting the integrity verification and supply chain of the Nx Console user interface component. The compromised version contains unauthorized code introduced during the build or publishing process, impacting the extension's execution environment within the IDE.
This vulnerability is a PHP object injection caused by the unsafe use of PHP's native unserialize() function on user-controlled input. Specifically, the CacheWarmer cookie in Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 is processed without validation, allowing deserialization of crafted serialized PHP objects. The flaw resides in the cache warming component responsible for handling cache refresh requests and related cookie data.
This vulnerability is a deserialization flaw in Microsoft Office SharePoint Enterprise Server 2016. It arises from improper handling of untrusted serialized data within SharePoint's data processing components, allowing maliciously crafted input to be deserialized. The affected component is the SharePoint server's deserialization mechanism responsible for processing serialized objects received over the network from authorized users.
This vulnerability is a command injection flaw resulting from improper input validation in UniFi OS Server and related UniFi firmware components. The root cause lies in the failure to sanitize user-supplied input before passing it to system-level command execution functions. Affected components include UniFi OS Server and multiple UniFi device firmware versions, where network-accessible interfaces process untrusted input without adequate validation.
This vulnerability is an Improper Access Control flaw affecting Ubiquiti UniFi OS Server and related firmware components. The root cause lies in insufficient enforcement of authorization checks within system management interfaces, allowing unauthorized network actors to interact with privileged functions. The affected components include UniFi OS devices and various UniFi Dream Machine firmware variants, where control mechanisms fail to restrict access to critical configuration endpoints.
This vulnerability is a Path Traversal flaw (CWE-22) in Ubiquiti UniFi OS Server and related firmware components. The root cause is insufficient validation of user-supplied file path inputs, allowing traversal sequences to access files outside the intended directory scope. The affected components include UniFi OS Server and various UniFi device firmware versions that handle file requests without proper sanitization.
This vulnerability is a privilege escalation flaw rooted in improper handling of Redis enable/disable features within the LiteSpeed User-End cPanel Plugin. The affected component mismanages internal API calls related to the "cpanel_jsonapi_func=redisAble" parameter, allowing unauthorized elevation of privileges. The flaw resides in the plugin's logic that controls Redis functionality toggling, leading to escalation beyond intended permission boundaries.
This vulnerability is a SQL Injection flaw resulting from improper neutralization of special elements within SQL commands in Drupal core. The root cause lies in insufficient input sanitization allowing crafted input to alter SQL queries. The affected component is Drupal core versions from 8.9.0 up to but not including specified patched releases across multiple major versions, impacting database query handling mechanisms.
This vulnerability is an unrestricted file upload flaw classified under CWE-434. It arises from insufficient validation of file types during the upload process within the WP Swings Gift Cards For WooCommerce Pro plugin. The affected component is the file upload handler in the Gift Cards For WooCommerce Pro plugin versions up to 4.2.6, which fails to restrict dangerous file types, allowing arbitrary files to be uploaded.
This vulnerability is a missing authorization flaw in the FunnelKit Funnel Builder for WooCommerce Checkout plugin prior to version 3.15.0.3. The root cause is the lack of access control on the public AJAX checkout endpoint, which permits unauthenticated requests to invoke internal methods. The affected component is the plugin's External Scripts global setting, which can be manipulated through this unauthorized access vector.
This vulnerability is a supply chain compromise affecting the build and distribution process of AVB Disc Soft's DAEMON Tools Lite Windows installer packages, specifically versions 12.5.0.2421 through 12.5.0.2434. The root cause is unauthorized access to the vendor's build infrastructure, allowing attackers to inject malicious code into three signed binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe). The trojanized binaries maintain valid digital signatures, impacting the integrity verification mechanism of the installation process.
The vulnerability is a cross-site scripting (XSS) flaw caused by improper neutralization of user-supplied input during web page generation in Microsoft Exchange Server 2016 Cumulative Update 23. This occurs due to insufficient sanitization of input data processed by the web interface, allowing malicious scripts to be injected into dynamically generated pages. The affected component is the web-based management interface of Microsoft Exchange Server 2016 CU23.
This vulnerability is an authentication bypass in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller and Manager. The root cause lies in improper validation during the control connection handshaking process, allowing crafted requests to circumvent authentication checks. The affected component is the peering authentication feature responsible for establishing secure control connections within the SD-WAN fabric.
This vulnerability is an authentication bypass affecting the GlobalProtect portal and gateway components within Palo Alto Networks PAN-OS software. The root cause lies in improper validation of authentication mechanisms, allowing unauthorized users to circumvent security controls. The flaw specifically targets the authentication logic in the VPN access control process, enabling bypass without valid credentials.