| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. |
| The Danfoss AK-EM100 stores login credentials in cleartext. |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. |
| The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. |
| Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. |
| loading template... |
| An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. |
| Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. |
| Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. |
| Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. |
| SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. |
