Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10.

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

** REJECT ** Accidental duplicate assignment of CVE-2024-4755. Please use CVE-2024-4755.

Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability.

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.