Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2.

Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects KiviCare: from n/a through 3.6.2.

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it...

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input...

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied...

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions...

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.

A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manip...

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to e...

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The ...

TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode

A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argum...

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the ar...

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the ...

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker t...

A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.