NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges,…

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripti…

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/create_events.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to launch the attack re…

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online righ…

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack…

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,…

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in th…

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitra…

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio…

The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i…