| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file. |
| Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen |
| There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. |
| An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. |
| Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained. |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). |
| URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. |
| url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. |
| EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). |