| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.
This issue affects WiFiBurada: before 1.0.5. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.
This issue affects ValeApp: before v2.0.0. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.
This issue affects ValeApp: before v2.0.0. |
| Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.
This issue affects ValeApp: before v2.0.0. |
| Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.
This issue affects ValeApp: before v2.0.0. |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).
This issue affects ValeApp: before v2.0.0. |
| Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.
This issue affects Application Security Platform (ASP): v1.4.25.188. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.
This issue affects Piramit Automation: before 27.09.2024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.
This issue affects Saha365 App: before 30.09.2024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.
This issue affects EVC04 Configuration Interface: before V3.187, V4.53. |
| External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.
This issue affects e-Belediye: before 2.0.642. |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings.
This issue affects PosPratik: before v3.2.1. |
| The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the plugin's settings, including the plusone-lang, plusone-callback, and plusone-url options stored in the database via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page() function. The function processes the 'birdseed_token' GET parameter and saves it to the database via update_option() without verifying a nonce. This makes it possible for unauthenticated attackers to change the plugin's BirdSeed token setting via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.
This issue affects Distant Education Platform: before 3.2024.11. |
| Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.
This issue affects E-Commerce Website Template: before v1.5. |
| Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.
This issue affects Pallium Vehicle Tracking: before 17.10.2024. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).
This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support. |
| Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.
This issue affects NG Analyser: before 2.2.711. |
