| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. |
| Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. |
| Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. |
| Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. |
| Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. |
| Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. |
| The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data. |
| The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. |
| An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. |