Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW WooCommerce On Sale!: from n/a through 1.39.

Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Push Notifications: from n/a through 1.1.9.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. This issue affects Traveler: from n/a through n/a.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7.

Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.

Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2.

Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.

This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device.

This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted data stored in the firmware of targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device.

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

This vulnerability exists in Digisol DG-GR6821AC Router due to hard-coded Root Access Credentials in system configuration of the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to obtain the stored root access credentials. Successful exploitation of this vulnerability could allow the attacker to gain admin access to the targeted device.

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48.

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2.

Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image Wall: from n/a through 3.1.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.