CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

CVE-2021-37417

Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation...

CVE-2021-25028

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue...

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...

CVE-2021-24458

The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd...

CVE-2021-44507

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44481

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-24769

The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...

CVE-2021-24748

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...

CVE-2020-9259

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and...

CVE-2020-9255

Huawei Honor 10 smartphones with versions earlier than 10.0.0.178C00E178R1P4 have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application,...

CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

CVE-2020-9242

FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack...

CVE-2013-1224

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted 1 HTTP or 2 HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-20113

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2025-47786

CVE-2025-47786 affects Emlog 2.5.13. The vulnerability is a stored cross-site scripting issue in /admin/comment.php where the unvalidated parameter perpage_num is stored in the database (admin_commend_perpage_num) and the output is not filtered, allowing a registered user to inject JavaScript tha...