Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive...
CVSS 7.5 | AI Score 7.2 | EPSS 0.001
Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST...
9.8CVSS
9.2AI Score
0.003EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.4AI Score
0.001EPSS
7.2CVSS
7.4AI Score
0.001EPSS
7.2CVSS
7.4AI Score
0.001EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
7.2CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
6.5CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing...
CVSS 6.2 | AI Score 5.4 | EPSS 0.0004
An intent redirection vulnerability exists in the Mi App Store product. It is caused by the Mi App Store not verifying the validity of incoming data, which can cause the app store to automatically download and install...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent...
CVSS 5.5 | AI Score 5.4 | EPSS 0.0004
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy...
CVSS 6.2 | AI Score 5.4 | EPSS 0.0004
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user...
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store...
CVSS 6.8 | AI Score 5.3 | EPSS 0.0004
The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL...
CVSS 7.2 | AI Score 7.2 | EPSS 0.001
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/...
CVSS 9.6 | AI Score 8.6 | EPSS 0.002
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege...
CVSS 7.2 | AI Score 7 | EPSS 0.001
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....
CVSS 9.8 | AI Score 9.4 | EPSS 0.004
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
CVSS 7.5 | AI Score 6.6 | EPSS 0.019
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or...
CVSS 8.8 | AI Score 8.4 | EPSS 0.006
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy...
CVSS 7.1 | AI Score 5.4 | EPSS 0.0004
The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option......
CVSS 8.3 | AI Score 8.5 | EPSS 0.013
When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives.....
CVSS 5.5 | AI Score 5.7 | EPSS 0.001
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were...
CVSS 5.5 | AI Score 5.9 | EPSS 0.001
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all...
CVSS 7.5 | AI Score 7.9 | EPSS 0.014
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive...
CVSS 9.8 | AI Score 9.4 | EPSS 0.004