6.7
CVE-2022-33862 - Improper access control mechanism in IPP
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
5.1
CVE-2022-33861 - Insufficient verification of authenticity in IPP
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data.
5.2
CVE-2021-23282 - Stored Cross-site Scripting reported in Intelligent Power Manager v1
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to comprβ¦
6.9
CVE-2024-11663 - Codezips E-Commerce Site search.php sql injection
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed β¦
5.3
CVE-2024-11662 - welliamcao OpsManage API Endpoint deploy_api.py deploy_host_vars deserialization
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initβ¦
5.3
CVE-2024-11661 - Codezips Free Exam Hall Seating Management System Profile Image profile.php unrestricted upload
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The aβ¦
5.3
CVE-2024-11660 - code-projects Farmacia usuario.php cross site scripting
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed tβ¦
5.1
CVE-2024-11659 - EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads to command injection. The attack may be launcβ¦
5.1
CVE-2024-11658 - EnGenius ENH1350EXT/ENS500-AC/ENS620EXT ajax_getChannelList command injection
A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the argument countryCode leads to command injectioβ¦
3.5
CVE-2024-7056 - WPForms < 1.9.1.6 - Admin+ Stored XSS
The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).