| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12 allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. |
| Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php. |
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. |
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. |
| maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. |
| A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via the image upload function. |
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. |
| ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places. |
| An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. |
| OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. |
| OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. |
| Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. |
| A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. |