RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows...
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value...
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP...
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas...
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in osuthorpe Easy Social allows Reflected XSS.This issue affects Easy Social: from n/a through 1.3. More information : https://vdp.patchstack.com/database/wordpress/plugin/easy-social-media/vulnerability/wordpress-easy-social-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10. More information : https://vdp.patchstack.com/database/wordpress/plugin/worker-elementor/vulnerability/wordpress-worker-for-elementor-plugin-1-0-10-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in merkulove Worker for WPBakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through 1.1.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/worker-wpbakery/vulnerability/wordpress-worker-for-wpbakery-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in merkulove Logger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through 1.0.9. More information : https://vdp.patchstack.com/database/wordpress/plugin/logger-elementor/vulnerability/wordpress-logger-for-elementor-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7. More information : https://vdp.patchstack.com/database/wordpress/plugin/conformer-elementor/vulnerability/wordpress-conformer-for-elementor-plugin-1-0-7-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Codedraft Mediabay – WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay – WordPress Media Library Folders: from...
Path Traversal: ‘…/…//’ vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. More information : https://vdp.patchstack.com/database/wordpress/theme/pro-watermark/vulnerability/wordpress-pro-bulk-watermark-plugin-for-wordpress-2-0-path-traversal-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for...
Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. More information : https://vdp.patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve