121 matches found
EUVD-2024-43367
Malicious code in bioql PyPI...
EUVD-2024-52147
Malicious code in bioql PyPI...
EUVD-2023-12306
Malicious code in bioql PyPI...
CVE-2024-3636
The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-49304
Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7...
CVE-2024-54252
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7...
CVE-2023-38520
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse. This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4...
CVE-2023-0220
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks...
Security Bulletin: Trusteer Pinpoint affected by security vulnerability CVE-2020-4708
Summary: Trusteer Pinpoint has addressed the issue. Vulnerability Details: CVEID: CVE-2020-4708. DESCRIPTION: IBM Trusteer Pinpoint could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header. CVSS Base score: 3.7. CVSS Temporal Score: See:...
AWS VDP: Amazon Pinpoint SMS and Voice, version 2 Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints
The Amazon Pinpoint SMS and Voice, version 2 service was found to incorrectly report the user-agent and network information as "AWS Internal" for five specific API endpoints that are FIPS endpoints. This issue was discovered to be similar to a previous bug reported for the Comprehend Medical and...
com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +44 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=1.0.0 <=1.2.0)
org.apache.pinot:pinot-common MAVEN version =1.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: SNYK:JAVA-ORGAPACHEPINOT-9637839...
com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +65 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=0.1.0 <=1.2.0)
org.apache.pinot:pinot-common MAVEN version =0.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...
CVE-2024-13235
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-13235
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing...
CVE-2024-13235
CVE-2024-13235 – Pinpoint Booking System (WordPress) SQL Injection: Authenticated attackers with Subscriber+ access can exploit SQL injection via the language parameter in Pinpoint Booking System plugins, affecting versions up to 2.9.9.5.x (CVE wording varies; Patchstack notes 2.9.9.5.4 as fixed...
CVE-2024-13235 Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.4 - Authenticated (Subscriber+) SQL Injection
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing...
WordPress plugin Pinpoint Booking System SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...
PT-2025-7339 · WordPress · Pinpoint Booking System
Name of the Vulnerable Software and Affected Versions: The Pinpoint Booking System – #1 WordPress Booking Plugin versions up to, and including, 2.9.9.5.2. Description: The issue allows authenticated attackers with Subscriber-level access and above to perform SQL Injection via the language parameter...
CVE-2024-53815
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1...