| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. |
| The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability. |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. |
| CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. |
| ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu. |
| SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input, allowing attackers with admin privileges to delete arbitrary files on the remote system. |
| WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). |
| In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in a heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38. |
| marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. |
| Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. |
| Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. |
| novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. |
| mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. |
| Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). |
| Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. |
| nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client's browser. |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the "Apply for vendor account" feature, an attacker can upload an arbitrary file to the system. |