Latest Medium Severity Vulnerabilities

code-projects Matrimonial Site sql injection
SourceCodester Simple Invoice Generator System login.php cross site scripting
PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting
PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection
AMTT HiBOS sql injection
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for admini...
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on ...
Micro Focus ArcSight Management Center Remote Vulnerability
Local Privilege Escalation in pyinstaller on Windows
pip/pyinstaller<5.13.1
### Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. ...
Server-Side Request Forgery in nuxt-api-party
Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
Duplicated execution of subcalls in OpenZeppelin Contracts
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Improper handling of browser-side provided input in richdocuments path handling
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
SourceCodester Simple Student Attendance System class_form.php sql injection
SourceCodester Simple Student Attendance System index.php file inclusion
SourceCodester Simple Student Attendance System attendance.php sql injection
QTS, QuTS hero
QTS, QuTS hero
QTS, QuTS hero
Legacy VioStor NVR
Totolink X5000R cstecgi.cgi setWizardCfg os command injection
### Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with `empty` data type. For example, if the payload is `record { * ; empty }` and the canister inte...
rust/candid>=0.9.0<0.9.10
From HackerOne report [#1948040](https://hackerone.com/reports/1948040) by Halit AKAYDIN (hltakydn) ### Impact _What kind of vulnerability is it? Who is impacted?_ The TinyMCE WYSIWYG editor fails t...
composer/openmage/magento-lts<20.2.0
Tongda OA 2017 delete.php sql injection
Any image allowed by default
pip/dockerspawner>=0.11.0<13.0.0
### Impact Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable image, inste...
Tongda OA 2017 delete.php sql injection
Infinite decoding loop through specially crafted payload
rust/candid>=0.9.0<0.9.10
Stored XSS Vulnerability in QualysGuard VM/PC
Tongda OA 2017 delete.php sql injection
Kernel: null pointer dereference vulnerability in nft_dynset_init()
Kernel: oob access in smb2_dump_detail
Kernel: out-of-bounds read vulnerability in smbcalcsize
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. ...
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying att...
Phantom DLL Vulnerabilities in Iconics Suite
Student Information System v1.0 - Unauthenticated SQL Injection
Student Information System v1.0 - Insecure File Upload
D-Link DAR-7000 workidajax.php sql injection
D-Link DIR-846 QoS POST deserialization
osCommerce POST Parameter shopping-cart sql injection
Software AG WebMethods access control
Beijing Baichuo PatrolFlow 2530Pro mailsendview.php path traversal

© 2023 SecAlerts Pty Ltd.