Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks…

A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.…

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This…

An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An…

The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a…

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to…

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading…

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged…

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors…

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the…