| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. |
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19. |
| In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. |
| setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. |
| A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands. |
| Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8. |
| The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. |
| The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. |
| The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. |
| Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2. |
| Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted. |
| Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8. |
| SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application. |
| DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache. |
| Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. |
| Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE.
When the REST interface is enabled by the user, and an attacker gains access to
the control network, and CVE-2025-6074 is exploited, the attacker can use the
JSON configuration to overflow the date of expiration field.This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. |
| Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup. |
| SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application. |
| SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application. |
| SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. |
