
64 matches found

Snyk
added 2026/05/06 11:25 a.m., 8 views

Allocation of Resources Without Limits or Throttling

Overview: io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

6.9 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1, References: 2

vulnersOsv
added 2026/03/10 10:38 p.m., 3 views

@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), bke-dsi-cacem (>=0.0.1 <=2.0.4) potentially affected by CVE-2026-29793 via @feathersjs/mongodb (>=5.0.11 <=5.0.12)

@feathersjs/mongodb NPM version =5.0.11, =2.0.4, =0.0.1, =2.0.4 Source cves: CVE-2026-29793 Source advisory: SNYK:JS-FEATHERSJSMONGODB-15456216...

9.8 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0

CNNVD
added 2025/05/22 12:0 a.m., 3 views

IBM Aspera Faspex security vulnerability

IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12 that originates from HTML injection and could lead to malicious code...

6.1 CVSS, 7.4 AI score, 0.00093 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/05/21 12:0 a.m., 2 views

PT-2025-22501 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.12. Description: The issue allows an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...

9 CVSS, 5.7 AI score, 0.0021 EPSS
Exploits: 0, References: 6

CNNVD
added 2024/10/16 12:0 a.m., 2 views

WordPress plugin SiteGround Optimizer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

9.8 CVSS, 7.7 AI score, 0.09631 EPSS
Exploits: 0, References: 2

OSV
added 2024/10/08 9:15 a.m., 2 views

CVE-2024-8943

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...

9.8 CVSS, 5.8 AI score, 0.40056 EPSS
Exploits: 0, References: 2

CVE
added 2024/10/08 8:33 a.m., 51 views

CVE-2024-8943

CVE-2024-8943 affects the WordPress LatePoint plugin, versions up to and including 5.0.12, enabling an authentication bypass due to improper verification of the user supplied during the booking step. Unauthenticated attackers could log in as any existing user (e.g., an administrator) if the site ...

9.8 CVSS, 9.7 AI score, 0.40056 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/10/08 8:33 a.m., 12 views

CVE-2024-8943 LatePoint <= 5.0.12 - Authentication Bypass

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...

9.8 CVSS, 7.3 AI score, 0.40056 EPSS
Exploits: 0, References: 2

Patchstack
added 2024/10/08 3:1 a.m., 3 views

WordPress LatePoint plugin <= 5.0.12 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin LatePoint versions <= 5.0.12...

9.8 CVSS, 7 AI score, 0.40056 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/10/08 12:0 a.m., 4 views

WordPress plugin LatePoint security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS, 6.4 AI score, 0.40056 EPSS
Exploits: 0, References: 3

Patchstack
added 2024/10/08 12:0 a.m., 12 views

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software: LatePoint; Type: Plugin; Vulnerable versions: <= 5.0.12; Fixed in: 5.0.13; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-8943; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: f9b741b682a7; Credits: István Márt...

9.8 CVSS, 6.8 AI score, 0.40056 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/10/08 12:0 a.m., 3 views

PT-2024-39328

Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions up to, and including, 5.0.12. Description: The issue is related to insufficient verification of the user being supplied during the booking customer step, allowing unauthenticated attackers to log in as a...

9.8 CVSS, 5.4 AI score, 0.40056 EPSS
Exploits: 0, References: 9

CVE
added 2024/08/27 6:48 a.m., 47 views

CVE-2024-7304

The CVE-2024-7304 entry concerns the Ninja Tables – Easiest Data Table Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists via SVG file uploads in all versions up to and including 5.0.12, caused by insufficient input sanitization and output escaping. Exploitation re...

6.4 CVSS, 5.7 AI score, 0.00267 EPSS
Exploits: 0, References: 5, Affected Software: 1

Exploit DB
added 2024/06/14 12:0 a.m., 456 views

Boelter Blue System Management 1.3 - SQL Injection

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

9.1 CVSS, 9.2 AI score, 0.11554 EPSS
Exploits: 3

Packet Storm
added 2024/06/06 12:0 a.m., 1377 views

Boelter Blue System Management 1.3 SQL Injection

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

7.4 AI score, 0.11554 EPSS
Exploits: 3

Positive Technologies
added 2024/01/19 12:0 a.m., 2 views

PT-2024-19813 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.17; Vite versions prior to 3.2.8; Vite versions prior to 4.5.2; Vite versions prior to 5.0.12. Description: The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented...

10 CVSS, 6.8 AI score, 0.51316 EPSS
Exploits: 10, References: 43

CNNVD
added 2023/08/21 12:0 a.m., 2 views

Hospital Management System SQL injection vulnerability

The Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. An SQL injection vulnerability exists in Free Hospital Management System for Small Practices version 1.0/5.0.12, which stems from...

9.8 CVSS, 7.1 AI score, 0.00066 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2023/08/21 12:0 a.m., 4 views

PT-2023-29237 · Sourcecodester · Sourcecodester Free Hospital Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Free Hospital Management System for Small Practices versions 1.0 through 5.0.12. Description: A critical issue has been discovered, allowing for SQL injection through the manipulation of the id00, nic, oldemail, email, spec, and...

9.8 CVSS, 7 AI score, 0.00066 EPSS
Exploits: 0, References: 5

0day.today
added 2023/06/19 12:0 a.m., 389 views

Jobpilot v2.61 - SQL Injection Vulnerability

Exploit Title: Jobpilot v2.61 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET Type: error-based...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/05/24 12:0 a.m., 311 views

Smart School 1.0 SQL Injection

Exploit Title: Smart School v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1....

7.1 AI score
Exploits: 0