70 matches found
CVE-2026-12994
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...
CVE-2026-10041
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
EUVD-2026-43156
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...
CVE-2026-12994
Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.
Siemens Products using OpenSSL
SUMMARY OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service DoS or potentially allow for remote code execution. Siemens has released new versions for several affected products and recommends to update to the latest...
CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...
Siemens SINEC NMS
SUMMARY SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to...
EUVD-2026-21966
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...
PT-2026-32355
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view details.php...
CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...
EUVD-2025-10556
Malicious code in bioql PyPI...
EUVD-2022-36099
Malicious code in bioql PyPI...
CVE-2025-50370
A Cross-Site Request Forgery CSRF vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring ...
CVE-2023-30415
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/viewinquiry.php...
CVE-2022-44347
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/viewinquiry=...
CVE-2025-32685
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...
CVE-2025-32685
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...
CVE-2025-32685 WordPress WP Inquiries plugin <= 0.2.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...
CVE-2025-32685
CVE-2025-32685 is an authenticated SQL injection vulnerability in the WordPress plugin WP Inquiries (WP Inquiries
CVE-2025-32685 WordPress WP Inquiries plugin <= 0.2.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through = 0.2.1...