Unauthenticated Cross-Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Incorrect Authorization vulnerability in the experimental `/v2` interface of Apache DolphinScheduler. This issue affects Apache DolphinScheduler versions before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler versions before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modificat...
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.