A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns use...
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]
Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).
Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).
Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).
Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).
Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).
SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.
SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. [CVSS 3.3 LOW]
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. [CVSS 2.0 LOW]
Versions of the package mailparser versions up to 3.9.3 is affected by cross-site scripting (xss) (CVSS 6.1).
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded app...
A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. [CVSS 3.1 LOW]