2 matches found
CVE-2024-12311
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
Prototype Pollution
@saltcorn/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the lang and defstring parameters, allowing modification of the Object prototype, which can lead to remote code execution (RCE) and SQL injection vulnerabilities...