8.7

CVSS4.0

CVE-2024-58276 - Obi08-Enrollment System 1.0 login.php SQL Injection

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames a…

📅 Published: Dec. 4, 2025, 8:41 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2024-58275 - Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.

📅 Published: Dec. 4, 2025, 8:41 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2023-53735 - WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.

📅 Published: Dec. 4, 2025, 8:40 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2023-53734 - dawa-pharma-1.0 - SQL Injection via Email Parameter

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.

📅 Published: Dec. 4, 2025, 8:40 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-27935 - Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

📅 Published: Dec. 4, 2025, 8:38 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-13543 - PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissio…

📅 Published: Dec. 4, 2025, 8:27 p.m. 🔄 Last Modified: April 22, 2026, 4:30 p.m.

2.2

CVSS3.1

CVE-2025-12997 -

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before…

📅 Published: Dec. 4, 2025, 8:04 p.m. 🔄 Last Modified: Dec. 22, 2025, 6:09 p.m.

4.1

CVSS3.1

CVE-2025-12996 -

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

📅 Published: Dec. 4, 2025, 8:04 p.m. 🔄 Last Modified: Dec. 22, 2025, 6:09 p.m.

8.1

CVSS3.1

CVE-2025-12995 -

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

📅 Published: Dec. 4, 2025, 8:03 p.m. 🔄 Last Modified: Dec. 22, 2025, 6:09 p.m.

5.3

CVSS3.1

CVE-2025-12994 -

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.

📅 Published: Dec. 4, 2025, 8:02 p.m. 🔄 Last Modified: Dec. 22, 2025, 6:10 p.m.