Dark C0d3rs

Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.

Maximum CVSS Score : 2.7

Reference: You are not allowed to view links. Register or Login to view.

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

Maximum CVSS Score : 8.4

Reference: You are not allowed to view links. Register or Login to view.

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Maximum CVSS Score : 6.4

Reference: You are not allowed to view links. Register or Login to view.

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

Maximum CVSS Score : 7.2

Reference: You are not allowed to view links. Register or Login to view.

An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.

Maximum CVSS Score : 6.5

Reference: You are not allowed to view links. Register or Login to view.

Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Maximum CVSS Score : 5.3

Reference: You are not allowed to view links. Register or Login to view.

Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Maximum CVSS Score : 5.3

Reference: You are not allowed to view links. Register or Login to view.

Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Maximum CVSS Score : 5.3

Reference: You are not allowed to view links. Register or Login to view.

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Maximum CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Maximum CVSS Score : 6.4

Reference: You are not allowed to view links. Register or Login to view.

The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.