| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2. |
| OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform administrative actions without proper authentication. |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102. |
| This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.This issue affects Panel: before v2.3.24. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.This issue affects Panel: before v2.3.24. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection.This issue affects Ferry Reservation System: before 240805-002. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS.This issue affects BAP Automation: before 30840. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.This issue affects Panel: before v2.3.24. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8. |
| The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. |
| Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers.This issue affects Veribase Order: before v4.010.3. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects Electronic Ticket System: before 2024.08. |
| The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`.
If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024. |
| A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. |
