15 matches found

RedhatCVE
added 2026/02/20 1:27 p.m. | 3 views

CVE-2026-25329

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.4...

4.3 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/19 8:26 a.m. | 1 views

CVE-2026-25324 WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.4...

5.3 CVSS | 5.5 AI score | 0.00042 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/19 8:26 a.m. | 6 views

CVE-2026-25329

CVE-2026-25329 : Missing Authorization in the WordPress plugin Quiz And Survey Master (quiz-master-next) up to version 10.3.4 — due to an incorrectly configured access control level that leads to a broken access control vulnerability. The available sources describe the issue but do not provide co...

4.3 CVSS | 5.4 AI score | 0.00039 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/02/19 12:0 a.m. | 3 views

WordPress plugin Quiz And Survey Master Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 1
Patchstack
added 2026/02/01 5:54 a.m. | 2 views

WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by johska in WordPress Plugin Quiz And Survey Master versions <= 10.3.4...

5.3 CVSS | 5.5 AI score | 0.00042 EPSS
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/05/22 4:34 p.m. | 3 views

CVE-2020-26713

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session informati...

6.1 CVSS | 6.1 AI score | 0.00397 EPSS
Exploits: 1
Snyk
added 2025/03/21 9:30 a.m. | 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in command.go that allows a user to execute commands on archived channels. Remediation Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.9-rc1, 10.3.4, 10.4.3 or higher. References -...

8.8 CVSS | 7.3 AI score | 0.00462 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 2:43 a.m. | 5 views

CVE-2024-33911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro. This issue affects School Management Pro: from n/a through 10.3.4...

7.6 CVSS | 5.6 AI score | 0.07898 EPSS
Exploits: 1 | References: 1
GithubExploit
added 2024/05/05 11:14 a.m. | 60 views

Exploit for SQL Injection in Weblizar School_Management

The School Management 10.3.4 - Post-Authenticated SQL Injectio...

7.6 CVSS | 8.7 AI score | 0.07898 EPSS
Exploits: 1
OSV
added 2024/05/02 11:15 a.m. | 3 views

CVE-2024-33911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro. This issue affects School Management Pro: from n/a through 10.3.4...

7.2 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Patchstack
added 2024/04/29 1:49 p.m. | 3 views

WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ivan Spiridonov (Patchstack Alliance) in WordPress Plugin School Management Pro versions <= 10.3.4...

7.6 CVSS | 8.1 AI score | 0.07898 EPSS
Exploits: 1 | Affected Software: 1
OpenVAS
added 2022/03/28 12:0 a.m. | 23 views

GitLab 8.4.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 Path Traversal Vulnerability

GitLab is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

8.8 CVSS | 8.7 AI score | 0.06158 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/01/12 12:0 a.m. | 1 views

REDCap Cross-Site Scripting Vulnerability

REDCap is a data collection and management web application. REDCap 10.3.4 suffers from a cross-site scripting vulnerability that can be exploited by attackers to obtain sensitive information...

6.1 CVSS | 6.2 AI score | 0.00397 EPSS
Exploits: 1 | References: 4
CNNVD
added 2021/01/12 12:0 a.m. | 1 views

REDCap SQL Injection Vulnerability

REDCap is a data collection and management web application. REDCap 10.3.4 suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information...

10 CVSS | 7.3 AI score | 0.00697 EPSS
Exploits: 1 | References: 4
Cvelist
added 2019/12/17 8:55 p.m. | 13 views

CVE-2019-17337 TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'...

8.1 CVSS | 5.4 AI score | 0.00322 EPSS
Exploits: 0 | References: 2