Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0.

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161.

Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix for...

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was co...

A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and ma...

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm_logged_in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotel...

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.php. Such manipulation of the argument FIRST_NAME/Last_Name/EMAIL leads to sql injection. It is possi...

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The ...

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects Apa...

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. Th...

A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. ...

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is no...