| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c. |
| JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. |
| JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/jpeg.inl. |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. |
| Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. |
| Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. |
| Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. |
| Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. |
| The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. |
| The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. |
| Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. |
| PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. |
| An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. |
| The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. |
