| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. |
| SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. |
| An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. |
| Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field. |
| webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." |
| WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. |
| PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." |
| An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. |
| XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. |
| XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. |
| A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. |
| Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. |
| A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). |
| An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header |
| The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. |
