| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. |
| Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. |
| CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. |
| A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. |
| An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. |
| The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. |
| InfluxDB 0.9.5 has Reflected XSS in the Write Data module. |
| Vanilla before 2.6.1 allows XSS via the email field of a profile. |
| utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
| Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. |
