CVE

Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.

A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions.

Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.