Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourselfâ€� section under the “My Profileâ€�…

The “Subscribeâ€� feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being…

Cross Site Request Forgery (CSRF) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when…

The “Subscribeâ€� feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being…

Cross Site Request Forgery (CSRF) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when…

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with…

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of…

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with…

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.…

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via…