| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions. |
| Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions. |
| Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions. |
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. |
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. |
| Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions. |
| Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions. |
| Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. |
| Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions. |
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. |
| Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions. |
| Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions. |
| Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. |
| Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. |
| Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. |
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. |
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. |
| AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks. |
| A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories. |
| A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster. |