| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).
This issue affects ValeApp: before v2.0.0. |
| Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.
This issue affects Application Security Platform (ASP): v1.4.25.188. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.
This issue affects Piramit Automation: before 27.09.2024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.
This issue affects Saha365 App: before 30.09.2024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.
This issue affects EVC04 Configuration Interface: before V3.187, V4.53. |
| External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.
This issue affects e-Belediye: before 2.0.642. |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings.
This issue affects PosPratik: before v3.2.1. |
| The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the plugin's settings, including the plusone-lang, plusone-callback, and plusone-url options stored in the database via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page() function. The function processes the 'birdseed_token' GET parameter and saves it to the database via update_option() without verifying a nonce. This makes it possible for unauthenticated attackers to change the plugin's BirdSeed token setting via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.
This issue affects Distant Education Platform: before 3.2024.11. |
| Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.
This issue affects E-Commerce Website Template: before v1.5. |
| Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.
This issue affects Pallium Vehicle Tracking: before 17.10.2024. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).
This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support. |
| Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.
This issue affects NG Analyser: before 2.2.711. |
| Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation.
This issue affects CoslatV3: through 3.1069.
NOTE: The vendor was contacted and it was learned that the product is not supported. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.
This issue affects Web Software: before 3.6. |
| Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.
This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Informatin Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS.
This issue affects Uyumsoft ERP: before Erp4.2109.166p45. |
| Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.
This issue affects Proticaret E-Commerce: before v6.0
NOTE: According to the vendor, fixing process is still ongoing for v4.05. |
