CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

CVE-2021-33738

A vulnerability has been identified in JT2Go All versions V13.2.0.2, Teamcenter Visualization All versions V13.2.0.2. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past th...

CVE-2021-28374

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's...

CVE-2021-22678

Cscape All versions prior to 9.90 SP4 lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...

CVE-2022-23052

PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...

CVE-2022-0147

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...

CVE-2022-26694

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVE-2022-35293

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

CVE-2017-18680

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 tablets software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 March 2017...

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...

CVE-2020-7964

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

CVE-2020-10611

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...

CVE-2020-10615

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication ...

CVE-2025-13493

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

CVE-2022-0236

The WP Import Export WordPress plugin both free and premium versions is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVE-2019-18339

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...

CVE-2024-39881

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process...