PT-2026-2301

Name of the Vulnerable Software and Affected Versions AbhishekMali21 GYM-MANAGEMENT-SYSTEM version 1.0 Description The application contains multiple SQL Injection flaws. These issues are present via the name parameter in the member search.php, trainer search.php, and gym search.php files, and via...

CVE-2025-67146

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in 1 membersearch.php, 2 trainersearch.php, and 3 gymsearch.php, and via the 'id' parameter in 4 paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...

EUVD-2026-1858

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVE-2025-14886

The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...

CVE-2026-22197

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

CVE-2026-22197 GestSup < 3.2.60 Multiple SQL Injections in Asset List

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

CVE-2026-22195

GestSup is affected by a SQL injection in the search bar for versions up to 3.2.60 (and affected up to 3.2.56 in some feeds). The vulnerability arises because user-controlled input in the search functionality is interpolated into SQL queries without sufficient neutralization, enabling an authenti...

CVE-2026-22195 GestSup < 3.2.60 SQL Injection in Search Bar

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

CVE-2021-27701

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery CSRF via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request...

CVE-2021-2149

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...

CVE-2022-23241

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period...

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

CVE-2020-10800

lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field...

CVE-2023-4730

The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...

CVE-2023-4024

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances...

CVE-2018-10622

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2021-27601

SAP NetWeaver AS Java Applications based on HTMLB for Java allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting XSS vulnerability and the attacker can read and modify data. However, the attack...

CVE-2021-2455

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...