Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
super vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-21503
waimai Super Cms 20150505 has a logic flaw allowing malicious users to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.
Waimai Super Cms Project Waimai Super Cms 20150505
6.1
CVSSv3
CVE-2020-21504
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login.
Waimai Super Cms Project Waimai Super Cms 20150505
6.1
CVSSv3
CVE-2020-21505
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave.
Waimai Super Cms Project Waimai Super Cms 20150505
6.1
CVSSv3
CVE-2020-21506
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add.
Waimai Super Cms Project Waimai Super Cms 20150505
5.5
CVSSv3
CVE-2023-27652
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an malicious user to gain privileges cause a denial of service via the update_info field of the _default_.xml file.
Egostudiogroup Super Clean 1.1.5
Egostudiogroup Super Clean 1.1.9
NA
CVE-2006-7033
Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote malicious users to inject arbitrary web script or HTML via IMG tags in the search box.
Super Link Exchange Script Super Link Exchange Script 1.0
NA
CVE-2006-7035
Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote malicious users to read arbitrary files via ".." sequences in the imgpath parameter.
Super Link Exchange Script Super Link Exchange Script 1.0
9.8
CVSSv3
CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
Super Cms Blog Pro Project Super Cms Blog Pro 1.0
1 EDB exploit
NA
CVE-2014-100026
Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin prior to 1.4.8 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third par...
April\\'s Super Functions Pack Project April\\'s Super Functions Pack
5.4
CVSSv3
CVE-2022-4484
The Social Share, Social Login and Social Comments Plugin WordPress plugin prior to 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Sit...
Heateor Super Socializer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »