The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading t...

A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denia...

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communication...

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending craf...

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via ...

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP fi...

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body...

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between...

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.

TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files ...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MD. Mamunur Roshid WM Zoom allows DOM-Based XSS.This issue affects WM Zoom: from n/a through 1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sided Sided allows DOM-Based XSS.This issue affects Sided: from n/a through 1.4.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons fo...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Pancake Hover Video Preview allows Stored XSS.This issue affects Hover Video Preview: from n...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia EndomondoWP allows Stored XSS.This issue affects EndomondoWP: from n/a throug...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bonway Services Bonway Static Block Editor allows DOM-Based XSS.This issue affects Bonway Static B...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdullah Nahian Awesome Progress Bar allows DOM-Based XSS.This issue affects Awesome Progress Bar:...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themedy Themedy Toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through ...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Print Reach, Inc. MyOrderDesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a throug...