6654 matches found
CVE-2019-5141
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...
CVE-2025-20185
CVE-2025-20185 affects Cisco AsyncOS Software (Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance). A vulnerability in the remote access password generation algorithm allows an authenticated, local attacker (with valid administrator credentials) to escalate privile...
CVE-2020-6140
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-8474
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction...
CVE-2024-7568
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the outputsubadminpage0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-34800
Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through = 3.3...
CVE-2024-12792
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...
CVE-2024-29837
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...
CVE-2024-9441
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the loginid parameter when invoking the forgotpassword functionality over HTTP...
CVE-2024-54135
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...
CVE-2024-27299
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-42035
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality...
CVE-2024-11398
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in OTP reset functionality in Synology Router Manager SRM before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2024-22406
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...
CVE-2024-26003
An unauthenticated remote attacker can DoS the control agent due to an out-of-bounds read which may prevent or disrupt the charging functionality...
CVE-2024-26004
An unauthenticated remote attacker can DoS a control agent due to access of an uninitialized pointer which may prevent or disrupt the charging functionality...
CVE-2024-8181
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality...
CVE-2025-24966 HTML Injection in reNgine
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2024-49840
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality...
CVE-2025-23527
Missing Authorization vulnerability in hemnathmouli WC Wallet wc-wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through = 2.2.0...