SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.01.2025. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.01.2025. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jenst WP Sitemap allows SQL Injection.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The question bank filter required additional sanitizing to prevent a reflected XSS risk. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.01.2025. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection.5.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An SQL injection risk was identified in the module list filter within course search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace allows Blind SQL Injection.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in giuliopanda ADFO allows Object Injection.9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in revenueflex Auto Ad Inserter - Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 allows Stored XSS.0.5.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce - Loi Hamon allows Stored XSS.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.