103 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

15 May 2025 — Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the a... • https://jvn.jp/vu/JVNVU93838985 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

17 Feb 2025 — Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8432-4b516-2.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

17 Feb 2025 — Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells • https://www.twcert.org.tw/en/cp-139-8430-32513-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

17 Feb 2025 — Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. • https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html • CWE-1390: Weak Authentication •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through 2.2.7. The Sell Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and... • https://patchstack.com/database/wordpress/plugin/sell-digital-downloads/vulnerability/wordpress-sell-digital-downloads-plugin-2-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5. • https://www.usom.gov.tr/bildirim/tr-24-1888 • CWE-302: Authentication Bypass by Assumed-Immutable Data CWE-799: Improper Control of Interaction Frequency •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. • https://www.usom.gov.tr/bildirim/tr-24-1888 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS.This issue affects Wezido: from n/a through 1.2. The Wezido plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execut... • https://patchstack.com/database/vulnerability/wezido-elementor-addon-based-on-easy-digital-downloads/wordpress-wezido-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

14 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Shafiq Digital Lottery permite cargar un shell web a un servidor web. Este problema afecta a Digital Lottery: desde n/a hasta 3.0.5. The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type va... • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •