SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An authentication bypass exists in Arcserve UDP prior to version 9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Loan Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical.php of the component Loan Type Page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester URL Shortener 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.