| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in ‘/evaluacion_acciones_ver_auto.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. |
| Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066), video and audio. However, it was possible to bypass this check by sending a manipulated HTTP request with an invalid MIME type like image. When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled by sending the HTTP header X-Content-Type-Options: nosniff. |
| The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles. |
| The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings, including donation addresses and display configurations, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service. |
| Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data. |
| Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link generated by the application. The vulnerability allows arbitrary JavaScript code to be executed in the user's local context. |
| In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. |
| In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. |
| The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it possible for authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint. |
| Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. |
| The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_editor_cal_delete` AJAX action with both authenticated and unauthenticated access enabled. This makes it possible for unauthenticated attackers to delete arbitrary calendar entries by sending a request with a valid nonce and the calendar entry ID. |
| The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde_save_document_library', 'bplde_get_single', and 'bplde_delete_document_library' AJAX actions. This makes it possible for authenticated attackers, with Author-level access and above, to read, modify, and delete Document Library entries created by other users, including administrators, via the 'id' parameter. |
| The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_competencias_evalua_old.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. |
| Default credentials vulnerability exists in SuprOS
product. If exploited, this could allow an authenticated
local attacker to use an admin account created during
product deployment. |
