| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. |
| GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. |
| A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. |
| ftcms <=2.1 was discovered to be vulnerable to code execution attacks . |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php |
| ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php |
| Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. |
| Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. |
| Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. |
| Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. |
| A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. |
| Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. |
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. |
| Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service. |
| MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability. |