| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. |
| ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. |
| Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. |
| A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. |
| An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. |
| Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. |
| Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. |
| A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. |
| In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability |
| Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. |
| Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. |
| CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. |
| Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. |
| Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. |
| Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. |
| A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. |