| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. |
| Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. |
| UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. |
| A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. |
| A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
| A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
| A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. |
| An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. |
| In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |
| In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. |