Search Results (344706 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28869 1 Ncp-e 1 Secure Enterprise Client 2024-11-26 6.5 Medium
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link.
CVE-2023-49490 1 Xunruicms 1 Xunruicms 2024-11-26 6.1 Medium
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.
CVE-2023-36647 1 Prolion 1 Cryptospike 2024-11-26 7.5 High
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVE-2024-11320 1 Pandorafms 1 Pandora Fms 2024-11-26 9.8 Critical
Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4.
CVE-2023-34487 1 Online Hotel Management System Project 1 Online Hotel Management System 2024-11-26 9.8 Critical
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
CVE-2023-34598 1 Gibbonedu 1 Gibbon 2024-11-26 9.8 Critical
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
CVE-2024-11177 2024-11-26 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-37305 1 Mediawiki 1 Mediawiki 2024-11-26 5.3 Medium
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
CVE-2023-34599 1 Gibbonedu 1 Gibbon 2024-11-26 6.1 Medium
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code.
CVE-2023-34648 1 User Registration & Login And User Management System With Admin Panel Project 1 User Registration & Login And User Management System With Admin Panel 2024-11-26 6.1 Medium
A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
CVE-2024-9768 1 Strategy11 1 Formidable Forms 2024-11-26 4.8 Medium
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-46499 1 Evershop 1 Evershop 2024-11-26 6.1 Medium
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted script to the Admin Panel.
CVE-2023-41118 1 Enterprisedb 1 Postgres Advanced Server 2024-11-26 8.8 High
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.
CVE-2024-50054 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 7.5 High
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
CVE-2024-47138 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 9.8 Critical
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
CVE-2024-33012 1 Qualcomm 501 Ar8035, Ar8035 Firmware, Ar9380 and 498 more 2024-11-26 7.5 High
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-35669 1 Bowo 1 Debug Log Manager 2024-11-26 4.3 Medium
Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1.
CVE-2024-33013 1 Qualcomm 342 Ar8035, Ar8035 Firmware, Csr8811 and 339 more 2024-11-26 7.5 High
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33011 1 Qualcomm 501 Ar8035, Ar8035 Firmware, Ar9380 and 498 more 2024-11-26 7.5 High
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33010 1 Qualcomm 499 Ar8035, Ar8035 Firmware, Ar9380 and 496 more 2024-11-26 7.5 High
Transient DOS while parsing fragments of MBSSID IE from beacon frame.