CVE-2021-27722

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering...

CVE-2020-36852

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazalesdsdeleteentriestablerow function. This makes it possible for...

WordPress Custom Searchable Data Entry System plugin <= 1.7.1 - Unauthenticated Database Wiping vulnerability

Unauthenticated Database Wiping vulnerability discovered by Sean Murphy in WordPress Plugin Custom Searchable Data Entry System versions = 1.7.1...

CVE-2020-36852 Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazalesdsdeleteentriestablerow function. This makes it possible for...

CVE-2020-36852

The WordPress plugin Custom Searchable Data Entry System (versions ≤ 1.7.1) is vulnerable to unauthenticated database wiping due to a missing capability check and inadequate validation in ghazale_sds_delete_entries_table_row(). This allows unauthenticated attackers to wipe tables (e.g., wp_users)...

CVE-2020-36852 Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazalesdsdeleteentriestablerow function. This makes it possible for...

PT-2025-40063

Name of the Vulnerable Software and Affected Versions Custom Searchable Data Entry System plugin for WordPress versions up to and including 1.7.1 Description The Custom Searchable Data Entry System plugin for WordPress is susceptible to unauthenticated database wiping. This is due to a missing...

WordPress plugin Custom Searchable Data Entry System 安全漏洞

WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...

CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

DEBIAN-CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

UBUNTU-CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

CVE-2024-37177

CVE-2024-37177 involves SAP Financial Consolidation and a cross-site scripting (XSS) vulnerability where data can be entered into a Web application via endpoints exposed on the network from an untrusted source. Successful exploitation could impact confidentiality and integrity of the application....

CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

SAP Financial Consolidation Cross-Site Scripting Vulnerability

SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. A cross-site scripting vulnerability exists in SAP Financial Consolidation FINANC...

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36409

CVE-2024-36409 affects SuiteCRM before versions 7.14.4 and 8.6.1, where poor input validation enables an SQL Injection at the Tree data entry point. The root cause is inadequate input validation in the Tree entry point, allowing crafted input to alter database queries. Public advisories consisten...

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

SuiteCRM Security Breach

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from Inadequate input validation can lead to a SQL injection vulnerability at the Tree data entry point...

Xpand IT Write-back manager Trust Management Issue Vulnerability

Xpand IT Write-back manager is an extension for Xpand IT. that allows users to enter data directly from Tableau dashboards into a database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from the use of a hard-coded salt in the configuration of the...

SUSE CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...