2024 CVE Vulnerabilities

37.6K security vulnerabilities discovered in 2024

Total CVEs: 37.6K
Avg CVSS: 10.0 (Critical)
Max CVSS: 10.0 (Highest)
Critical: 24 (0.1%)


All 2024 CVEs

CVSS:10.0(Critical)

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context ...

CWE-94 | 2024
CVSS:10.0(Critical)

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all...

CVSS:10.0(Critical)

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injecte...

CVSS:10.0(Critical)

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro...

CVSS:10.0(Critical)

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

CVSS:10.0(Critical)

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

CVSS:10.0(Critical)

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they...

CVSS:10.0(Critical)

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server. This issue affects WP SuperBackup: from n/a through 2.3.3.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.

CVSS:10.0(Critical)

SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.

CWE-89 | 2024
CVSS:10.0(Critical)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection. This issue affects TAX SERVI...

CWE-89 | 2024
CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18.

CVSS:10.0(Critical)

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on t...

CWE-94 | 2024
CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through 2.5.1.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through 1.5.3.

CVSS:10.0(Critical)

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through 1.0.0.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects kinetic...

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through...

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress...

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative. This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.

CVSS:10.0(Critical)

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through 1.5.5.