| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through 3.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. |
| Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through 5.3.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows Reflected XSS. This issue affects xili-language: from n/a through 2.21.2. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack allows PHP Local File Inclusion. This issue affects News & Blog Designer Pack: from n/a through 4.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS. This issue affects VForm: from n/a through 3.1.9. |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly allows Object Injection. This issue affects WpTravelly: from n/a through 1.8.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1. |
| Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. |
|
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
|
| The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.
|
|
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.
|
| A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file edit_case.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
| Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. |
