| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. |
| Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. |
| D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. |
| Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. |
| A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. |
| Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. |
| Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. |
| Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. |
| dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. |
| pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. |
| Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. |
| A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. |
| A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. |
| Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. |
| A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. |
| XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. |
