|
121
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument …
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0204
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12701
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…
|
CWE-352
Origin Validation Error
|
CVE-2024-12545
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12047
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions u…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11974
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
8.8 |
HIGH
Network
|
-
|
-
|
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replac…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10932
|
2025-01-4 17:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. Th…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0203
|
2025-01-4 16:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
- |
|
-
|
-
|
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath le…
|
CWE-73
External Control of File Name or Path
|
CVE-2025-0202
|
2025-01-4 14:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
- |
|
-
|
-
|
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0201
|
2025-01-4 13:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
- |
|
-
|
-
|
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2025-0200
|
2025-01-4 12:15 |
2025-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
