2352 matches found

RedhatCVE
added 2025/05/23 9:28 a.m. · 7 views

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctgeasychildtheme function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme...

CVSS 5.3 · AI score 6.6 · EPSS 0.0053
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:41 a.m. · 6 views

CVE-2024-1228

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 from that version...

CVSS 9.8 · AI score 6.8 · EPSS 0.00409
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:33 a.m. · 3 views

CVE-2024-22347

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 7.5 · AI score 6.5 · EPSS 0.00298
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:30 a.m. · 9 views

CVE-2024-24830

OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

CVSS 9.9 · AI score 9.3 · EPSS 0.00716
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:32 a.m. · 9 views

CVE-2023-5713

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdoptionvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 · AI score 6.3 · EPSS 0.00469
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:16 a.m. · 5 views

CVE-2023-41293

Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality...

CVSS 7.5 · AI score 7 · EPSS 0.00337
Exploits: 0

RedhatCVE
added 2025/05/23 3:43 a.m. · 9 views

CVE-2023-30677

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device...

CVSS 6.1 · AI score 6.6 · EPSS 0.00224
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:31 a.m. · 4 views

CVE-2023-39383

Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security...

CVSS 7.5 · AI score 6.8 · EPSS 0.00337
Exploits: 0

RedhatCVE
added 2025/05/23 2:13 a.m. · 11 views

CVE-2023-1430

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00802
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 2:12 a.m. · 6 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...

CVSS 6.5 · AI score 5.9 · EPSS 0.00336
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:59 a.m. · 15 views

CVE-2023-3125

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bkingsavepriceimport' function in versions up to, and including, 4.6.00. This makes it possible for authenticated attackers with subscriber or customer-level permissions...

CVSS 6.5 · AI score 6.5 · EPSS 0.0074
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 1:25 a.m. · 7 views

CVE-2022-25831

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions...

CVSS 4.6 · AI score 6.5 · EPSS 0.00098
Exploits: 0 · References: 1

BDU FSTEC
added 2025/05/23 12:0 a.m. · 1 view

A vulnerability in the AdvSetMacMtuWan function of the firmware for Tenda AC10 routers allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the AdvSetMacMtuWan function of the Tenda AC10 router firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...

CVSS 9 · AI score 5.5 · EPSS 0.00211
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 2 views

PT-2025-22641 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue is related to Stored Absolute Path Traversal vulnerabilities in ASPECT, which could expose sensitive data if...

CVSS 8.4 · AI score 6.2 · EPSS 0.00352
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 11:14 p.m. · 16 views

CVE-2022-3558

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...

CVSS 8 · AI score 6.8 · EPSS 0.0099
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 10:39 p.m. · 6 views

CVE-2022-2792

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...

CVSS 7.5 · AI score 6.8 · EPSS 0.00352
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:46 p.m. · 5 views

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

CVSS 9.1 · AI score 7.5 · EPSS 0.01197
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 9:19 p.m. · 5 views

CVE-2021-32704

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

CVSS 8.8 · AI score 7.6 · EPSS 0.00769
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:17 p.m. · 13 views

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid...

CVSS 7.2 · AI score 6.9 · EPSS 0.00468
Exploits: 0

RedhatCVE
added 2025/05/22 9:0 p.m. · 2 views

CVE-2021-2117

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

CVSS 5.4 · AI score 5.2 · EPSS 0.0069
Exploits: 0 · References: 1