| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. |
| Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. |
| Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). |
| ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). |
| A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. |
| A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
