15 matches found
CVE-2018-25403
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...
CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...
CVE-2018-25173
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
Improper Access Control
formcms is vulnerable to Improper Access Control. The vulnerability is due to insufficient authentication checks on the /api/schemas/history/schemaId endpoint, which allows an attacker to access historical schema data if a valid schemaId is known or guessed...
EUVD-2025-31748
Malicious code in bioql PyPI...
EUVD-2024-19742
Malicious code in bioql PyPI...
CVE-2025-55797
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...
CVE-2025-55797
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...
PT-2025-40039
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...
CVE-2025-55797
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...
CVE-2025-55797
CVE-2025-55797 affects FormCms v0.5.4. The /api/schemas/history/[schemaId] endpoint has improper access control, allowing unauthenticated attackers to access historical schema data when a valid schemaId is known or guessed. CVSSv3.1 base score is 6.5 (MEDIUM) with Network attack vector, low confi...
Security update for 389-ds
This update for 389-ds fixes the following issues: Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 Re-enable use of .dsrc basedn for dsidm commands bsc1231462 Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
WordPress plugin Schema & Structured Data for WP & AMP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2017-17329
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory...
Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)
New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.22/ - Security Fixes : - An XSS vulnerability was found in the Search field's auto-complete. - New Features : - Added support for anonymous access to public Local Sites. - Added support for...