| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ftcms <=2.1 was discovered to be vulnerable to code execution attacks . |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php |
| ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php |
| Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. |
| Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. |
| Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. |
| Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. |
| A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. |
| Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. |
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. |
| Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service. |
| MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability. |
| Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. |
| Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. |
| Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. |