| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4. |
| A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4. |
| Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. |
| An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. |
| Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. |
| Memory request vulnerability in the memory management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. |
| Access permission verification vulnerability in the ringtone setting module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Access control vulnerability in the camera framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Access permission verification vulnerability in the camera driver module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of resources not being closed or released in the keystore module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Access permission verification vulnerability in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Directory traversal vulnerability in the cust module
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. |
| Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. |
| Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. |
