| CVE | Vendors | Products | Updated | CVSS v3.1 |
| There is an Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through ioctl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash or EoP. |
| Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. |
| Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges. |
| Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. |
| Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. |
| Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. |
| Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |
| SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. |
| An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload and execute a web shell to gain unauthorized access to the server hosting the web app. |
| A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. |
| An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. |
| Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page. |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items. |
| Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php. |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items. |
| FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability. |
| In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. |
| imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. |
| OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. |
| In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. |