| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. |
| Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. |
| In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss. |
| Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. |
| A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. |
| GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. |
| Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. |
| A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. |
| A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. |
| An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. |
| Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. |
| Use After Free in GitHub repository vim/vim prior to 9.0.0260. |
| The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. |
| A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
| A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. |
