13 matches found
PT-2025-38255
Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions prior to 1.2 Description: The Scratch Channel is a news website where a user with fork privileges can modify administrators and create articles via a POST request to the API. Recommendations: Update to version 1.2...
WordPress plugin CoSchool LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-35308 · Leadboxer · Leadboxer
Name of the Vulnerable Software and Affected Versions: LeadBoxer versions prior to 1.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This problem affects LeadBoxer, enabling...
CVE-2024-3373
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RSM Design Website Template allows SQL Injection. This issue affects Website Template: before 1.2...
CVE-2024-35207
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform...
CVE-2024-35208
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords...
Hedef Tracking Admin Panel SQL Injection Vulnerability
Hedef Tracking Admin Panel is a tracking admin panel from Hedef. A SQL injection vulnerability exists in Hedef Tracking Admin Panel versions prior to 1.2, which stems from incorrect neutralization of the particular element used...
MyCompanyFiles Oliva Expertise EKS Cross-Site Scripting Vulnerability
MyCompanyFiles Oliva Expertise EKS is a file management application from MyCompanyFiles, Inc. A cross-site scripting vulnerability exists in MyCompanyFiles Oliva Expertise EKS versions prior to 1.2 that stems from vulnerability to cross-site scripting (XSS) attacks...
CVE-2023-27889
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
CVE-2022-3682
A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in arbitrary code execution. This issue affects: All SDM600 versions prior ...
PT-2021-20952 · Hitachi Abb Power Grids · Hitachi Abb Power Grids System Data Manager – Sdm600
Name of the Vulnerable Software and Affected Versions: Hitachi ABB Power Grids System Data Manager – SDM600 versions prior to 1.2 FP2 HF6 Build Nr. 1.2.14002.257 Description: A backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600, allowing ...
Information disclosure
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user...
Dojo Toolkit Cross-Site Scripting Vulnerability
Dojo Toolkit is an open source DHTML toolkit from the Dojo Foundation, implemented in JavaScript. A cross-site scripting vulnerability exists in versions of Dojo Toolkit prior to 1.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...