NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.

Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS.This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2.