Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Das U-Boot 2022.01 has a Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.