84 matches found
Vanna - SQL injection
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
Viral Signup <= 2.1 - SQL Injection
The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
WBCE 1.6.0 - SQL Injection
There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajaxdeletemessage.php" there is no authentication check. On line 40...
Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the βcntβ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
Control iD iDSecure - Authentication Bypass
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...
Advantech R-SeeNet 2.4.12 - OS Command Injection
Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...
SPIP BigUp Plugin - Remote Code Execution
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...
EUVD-2024-18796
Malicious code in bioql PyPI...
CVE-2021-2382
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3,...
Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot
Summary There is a vulnerable library tomcat-embed-core, in version 10.1.34, transitively used in BAMOE 9, linked from the Spring Boot version used by BAMOE libraries, has been fixed in BAMOE 9.2.0, along with more CVE fixes published in the Security Bulletin 7229574. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar Publicly disclosed vulnerability found by Mend CVE-2024-56337. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
SonicWall SMA Appliances Exploited in Zero-Day Attacks
Critical security flaw in SonicWall SMA 1000 appliances CVE-2025-23006 exploited as a zero-day. Rated CVSS 9.8, patch immediatelyβ¦...
Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution
Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-51385 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system,...
Exploit for CVE-2023-6553
CVE-2023-6553 Exploit Development for CVE-2023-6553 on Backup...
Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data
Summary FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization. This could affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2020-36188 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to...
Security Bulletin: Vulnerability in Perl affects IBM watsonx.data
Summary Perl could allow a remote attacker to bypass security restrictions, caused by improper handling of property name by the Sparseunipropstring function in regcomp.c. This can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2023-47100 DESCRIPTION: Perl could allow a remote attacker t...
6,000 WordPress Sites Affected by Unauthenticated Critical Vulnerability in WP Job Portal WordPress Plugin
π’ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...
Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data
Summary Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...
Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager vTM that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect...