Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by insufficiently protected credentials (CVSS 7.5).
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.3 HIGH]
School Erp Pro versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 7.2).
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers. [CVSS 7.2 HIGH]
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 7.1 HIGH]
Iccdev versions prior to 2.3.1.2 are vulnerable to denial of service when processing malformed ICC color profiles with invalid image encoding type values, causing application crashes due to type confusion. The vulnerability is remotely triggerable and public exploit code is available. A patch is available in version 2.3.1.2 and later.
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information. [CVSS 7.1 HIGH]
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. [CVSS 7.1 HIGH]
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. [CVSS 7.1 HIGH]
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. [CVSS 6.5 MEDIUM]
A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5).
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access. [CVSS 6.5 MEDIUM]
Broken access control in Open eClass Platform versions prior to 4.2 allows authenticated students to create course units, a privilege normally reserved for instructors and administrators. An attacker with valid student credentials can escalate their capabilities within the platform by performing unauthorized administrative actions. Public exploit code exists for this vulnerability, and no patch is currently available.
Broken access control in Open eClass Platform before version 4.2 allows authenticated students to modify course content that should only be editable by instructors and administrators. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. An attacker with valid student credentials can escalate their privileges to alter course materials and potentially disrupt educational content integrity.
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 6.5 MEDIUM]
SQL injection in Django's PostGIS RasterField lookups allows authenticated attackers to execute arbitrary SQL commands through the band index parameter in affected versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Unsupported Django series including 5.0.x, 4.1.x, and 3.2.x may also be vulnerable. A patch is available and authentication is required to exploit this vulnerability.
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. [CVSS 6.2 MEDIUM]
group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field is affected by cross-site scripting (xss) (CVSS 6.4).
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. [CVSS 6.4 MEDIUM]
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users. [CVSS 6.4 MEDIUM]
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. [CVSS 6.4 MEDIUM]
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. [CVSS 6.1 MEDIUM]
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 6.1 MEDIUM]
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. [CVSS 6.1 MEDIUM]
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. [CVSS 6.1 MEDIUM]
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. [CVSS 6.1 MEDIUM]
The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]
FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files containing malicious code.
ASUSTOR ADM has an input validation vulnerability when joining AD Domain that allows unauthenticated attackers to compromise the NAS device.
PEAR PHP framework has a code execution vulnerability through unsafe use of preg_replace() that allows attackers to execute arbitrary PHP code.
PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.
FUXA v1.2.7 has an unrestricted file upload in the /api/upload endpoint that lacks authentication and file type validation, enabling web shell deployment on SCADA systems.
PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.
PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.
PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.
PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.
Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.
Emit Informatics product has a SQL injection vulnerability allowing unauthenticated database compromise through unsanitized input parameters.
Rapid7 InsightVM before 8.34.0 has a SAML signature verification bypass (CVSS 9.6) allowing attackers to forge authentication assertions and gain unauthorized access.
Stored XSS in Craft Commerce's Order Status History Message (versions 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1) allows authenticated attackers with database backup permissions to inject malicious scripts that execute in the context of other users' browsers. Public exploit code exists for this vulnerability, enabling attackers to exfiltrate sensitive data including user credentials, customer PII, order history, and 2FA recovery codes. Patches are available in versions 4.10.1 and 5.5.2.
Qwik JavaScript framework prior to 1.19.0 has a prototype pollution vulnerability that can lead to server-side code execution in SSR applications.
Open Eclass Platform versions up to 4.2 contains a vulnerability that allows attackers to identify valid user accounts by analyzing differences in the login response beha (CVSS 5.3).
FUXA v1.2.7 SCADA/HMI system has insecure default configuration with security disabled by default, exposing industrial control interfaces without authentication.
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. [CVSS 5.3 MEDIUM]
ELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code or crash the device via crafted packets.
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.
Ew-7438Rpn Mini Firmware versions up to 1.13 is affected by cross-site request forgery (csrf) (CVSS 5.3).
MOMA Seismic Station v2.4.2520 exposes its web management interface without authentication, allowing unauthenticated control of seismological monitoring equipment.
PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.