| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter. |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. |
| A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. |
| A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database. |
| Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. |
| Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. |
| In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. |
| Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. |
| SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. |
| Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. |
| Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. |
| The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. |
| SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. |
| SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header. |
| Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. |
| Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. |
| A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service. |
| A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request. |
