| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. |
| Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. |
| CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. |
| An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. |
| The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. |
