The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in the TS Poll WordPress plugin (versions up to and including 2.4.0) allows authenticated attackers with Administrator-level access to append arbitrary SQL queries via the 'orderby' parameter, enabling extraction of sensitive database contents. Publicly available exploit code exists, though the high-privilege requirement (PR:H) limits practical impact, and EPSS sits at 2.11% (84th percentile) indicating modest but non-trivial exploitation interest. No public exploit identified as actively used in the wild - not listed in CISA KEV.
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.
Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in LyLme_spage 1.9.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.