NA - CVE-2024-12510 - If LDAP settings are accessed, authentication...
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
NA - CVE-2024-57004 - Cross-Site Scripting (XSS) vulnerability in...
Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by...
NA - CVE-2024-57237 - Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05...
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly...
NA - CVE-2024-57238 - Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05...
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting...
Medium - CVE-2024-11132 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on...
Medium - CVE-2024-11133 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and...
Medium - CVE-2024-11134 - The Eventer plugin for WordPress is vulnerable...
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and...
NA - CVE-2024-12511 - With address book access, SMB/FTP settings...
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
High - CVE-2024-12859 - The BoomBox Theme Extensions plugin for...
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type'...