| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. |
| Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. |
| BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. |
| EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. |
| Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. |
| An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. |
| EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. |
| A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. |
| 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. |
| Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. |
| Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. |
| Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. |
| Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. |
| Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. |
| Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). |
| A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. |
| Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. |