| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. |
| Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. |
| Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. |
| SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. |
| app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. |
| SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. |
| SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. |
| A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. |
| A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. |
| SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. |
