| CVE | Vendors | Products | Updated | CVSS v3.1 |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. |
| The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn. |
| The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. |
| The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. |
| Tenda AC23 v16.03.07.45_cn is vulnerable to Buffer Overflow via the sub_450A4C function. |
| In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. |
| In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. |
| Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. |
| extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. |
| SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway, resulting in unauthorized access to error logs. |
| In SpringBlade V3.6.0, when executing a SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. |
| HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. |
| DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. |
| Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. |
| SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. |