4.8
CVE-2024-12567 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example inβ¦
4.8
CVE-2024-12566 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mulβ¦
7.5
CVE-2024-12274 - BookingPress < 1.1.23 - Unauthenticated Export File Download
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
4.8
CVE-2024-11636 - Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampβ¦
7.8
CVE-2025-0412 - Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability
Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must vβ¦
5.3
CVE-2025-0410 - liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be iniβ¦
5.3
CVE-2025-0409 - liujianview gymxmjpa MembertypeController.java MembertypeDaoImpl sql injection
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to iniβ¦
5.3
CVE-2025-0408 - liujianview gymxmjpa LoosController.java LoosDaoImpl sql injection
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may beβ¦
5.3
CVE-2025-0407 - liujianview gymxmjpa EquipmentController.java EquipmentDaoImpl sql injection
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injectionβ¦
5.3
CVE-2025-0406 - liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to lauβ¦