| CVE | Vendors | Products | Updated | CVSS v3.1 |
| LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. |
| An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. |
| Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. |
| UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. |
| Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. |