Lucene search

7341 matches found

RedhatCVE
added 2025/05/22 4:10 p.m., 6 views

CVE-2020-11659

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00198
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:10 p.m., 4 views

CVE-2020-11661

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...

CVSS: 8.1, AI score: 6.7, EPSS: 0.0034
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:53 p.m., 6 views

CVE-2020-11658

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization...

CVSS: 9.8, AI score: 7, EPSS: 0.00243
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:11 p.m., 4 views

CVE-2020-11662

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00754
Exploits: 0, References: 1

Patchstack
added 2025/05/22 12:29 p.m., 5 views

WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions <= 24.1209...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00185
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/22 11:26 a.m., 6 views

WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00254
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/05/22 10:23 a.m., 5 views

CVE-2019-9804

In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...

CVSS: 9.8, AI score: 6.5, EPSS: 0.01151
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:3 a.m., 3 views

CVE-2019-17313

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user...

CVSS: 8.8, AI score: 7, EPSS: 0.00629
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:19 a.m., 11 views

CVE-2019-17300

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00461
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:37 a.m., 8 views

CVE-2019-17298

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...

CVSS: 8.8, AI score: 8, EPSS: 0.00296
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:58 a.m., 4 views

CVE-2019-20532

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019)...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00087
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:36 a.m., 6 views

CVE-2019-17302

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00461
Exploits: 0, References: 1

Patchstack
added 2025/05/22 12:0 a.m., 2 views

WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection

Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: N/A; Patch priority: High; CVSS severity: High (8.5); Developer: EPC; PSID: 070158f14a77; Credits: Rafie Muhammad (Patchstack); Required privilege: Subscriber; Published: 22...

AI score: 7.2
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/21 9:17 p.m., 4 views

WordPress Hot Random Image plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability discovered by Kishan Vyas in WordPress Plugin Hot Random Image versions <= 1.9.2...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00157
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/21 6:9 p.m., 5 views

CVE-1999-0452

A service or application has a backdoor password that was placed there by the developer...

CVSS: 10, AI score: 7.2, EPSS: 0.00483
Exploits: 0, References: 1

Patchstack
added 2025/05/21 11:57 a.m., 8 views

WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability

Unauthenticated Non-Arbitrary Local File Inclusion vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...

CVSS: 8.1, AI score: 6.7, EPSS: 0.00178
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/20 1:0 p.m., 6 views

WordPress Formulario de contacto SalesUp! plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Formulario de contacto SalesUp! versions <= 1.0.14...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00185
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/19 7:39 p.m., 6 views

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via Counter Block vulnerability

Contributor+ Stored XSS via Counter Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions < 1.4...

CVSS: 5.4, AI score: 7.8, EPSS: 0.0014
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2025/05/19 4:32 p.m., 4 views

WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References (IDOR) Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Job Portal versions <= 2.3.2...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00075
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/19 4:30 p.m., 6 views

WordPress Url Rewrite Analyzer plugin <= 1.3.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Url Rewrite Analyzer versions <= 1.3.3...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00218
Exploits: 0, Affected Software: 1