| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. |
| BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
| A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. |
| Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. |
| lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. |
| Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. |
| BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. |
| EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. |
| Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. |
| An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. |
| EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. |
| A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. |
| 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. |
| Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. |
| Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. |
| Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. |
