CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...

CVE-2020-37057

CVE-2020-37057 affects Online-Exam-System 2015, where a SQL injection in the feedback module is triggered via the fid parameter. The root cause is unsafely constructed SQL queries allowing attackers to manipulate queries, potentially exfiltrate or modify data. CVSS metrics indicate a high-severit...

CVE-2020-37033

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

PT-2026-5476

Name of the Vulnerable Software and Affected Versions e-Learning PHP Script version 0.1.0 Description The software contains a SQL injection issue in the search functionality. Attackers can manipulate database queries through unvalidated user input. Specifically, malicious SQL code can be injected...

PT-2026-5493

Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a SQL injection issue within the feedback module. Attackers can manipulate database queries by injecting malicious SQL code through the fid parameter. This could allow attackers...

CVE-2020-37006

CVE-2020-37006 affects berliCRM 1.0.24, where a SQL injection vulnerability resides in the 'src_record' parameter. An attacker can craft a POST request to index.php to manipulate database queries and potentially extract or modify data. Affected component: src_record parameter handling in berliCRM...

CVE-2025-15511

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

EUVD-2025-206485

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

EUVD-2025-206384

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

WordPress plugin “Link Invoice Payment for WooCommerce” has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

openjdk: Improve JMX connections (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

CVE-2026-1103

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...