| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26899 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-26898 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. | ||
| CVE-2020-26897 | Cri | 0.62 | 9.6 | 0.01 | Oct 9, 2020 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | ||
| CVE-2020-15243 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2020 | Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x… | ||
| CVE-2020-1914 | — | Cri | 0.57 | 9.8 | 0.03 | Oct 8, 2020 | A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is… | |
| CVE-2020-25273 | Cri | 0.64 | 9.8 | 0.02 | Oct 8, 2020 | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | ||
| CVE-2020-11800 | Cri | 0.64 | 9.8 | 0.09 | Oct 7, 2020 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | ||
| CVE-2020-13347 | Cri | 0.59 | 9.1 | 0.02 | Oct 7, 2020 | A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG… | ||
| CVE-2020-26607 | Cri | 0.64 | 9.8 | 0.00 | Oct 6, 2020 | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October… | ||
| CVE-2020-1907 | Cri | 0.64 | 9.8 | 0.02 | Oct 6, 2020 | A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary… | ||
| CVE-2020-7741 | — | Cri | 0.57 | 9.9 | 0.01 | Oct 6, 2020 | This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1). | |
| CVE-2020-26574 | Cri | 0.63 | 9.6 | 0.02 | Oct 6, 2020 | Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the… | ||
| CVE-2020-7465 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2020 | The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | ||
| CVE-2020-24218 | Cri | 0.64 | 9.8 | 0.02 | Oct 6, 2020 | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | ||
| CVE-2020-24217 | Cri | 0.70 | 9.8 | 0.40 | Oct 6, 2020 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with… | ||
| CVE-2020-24215 | Cri | 0.68 | 9.8 | 0.20 | Oct 6, 2020 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin… | ||
| CVE-2020-24214 | Cri | 0.70 | 9.8 | 0.35 | Oct 6, 2020 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video… | ||
| CVE-1999-0199 | Cri | 0.57 | 9.8 | 0.02 | Oct 6, 2020 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation… | ||
| CVE-2020-16226 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2020 | Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands. | ||
| CVE-2020-24231 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2020 | Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using… | ||
| CVE-2020-6875 | Cri | 0.64 | 9.8 | 0.01 | Oct 5, 2020 | A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700… | ||
| CVE-2020-4493 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2020 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | ||
| CVE-2020-26527 | Cri | 0.64 | 9.8 | 0.01 | Oct 2, 2020 | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header. | ||
| CVE-2020-26525 | Cri | 0.61 | 9.1 | 0.26 | Oct 2, 2020 | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. | ||
| CVE-2020-15232 | Cri | 0.00 | 9.3 | 0.01 | Oct 2, 2020 | In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. | ||
| CVE-2020-15231 | Cri | 0.00 | 9.3 | 0.01 | Oct 2, 2020 | In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. | ||
| CVE-2020-12676 | Cri | 0.59 | 9.1 | 0.03 | Oct 2, 2020 | FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | ||
| CVE-2020-18191 | Cri | 0.59 | 9.1 | 0.02 | Oct 2, 2020 | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | ||
| CVE-2020-18190 | Cri | 0.59 | 9.1 | 0.02 | Oct 2, 2020 | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||
| CVE-2020-18185 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | ||
| CVE-2020-24698 | Cri | 0.64 | 9.8 | 0.03 | Oct 2, 2020 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a… | ||
| CVE-2020-12126 | Cri | 0.64 | 9.8 | 0.01 | Oct 2, 2020 | Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | ||
| CVE-2020-12125 | Cri | 0.64 | 9.8 | 0.04 | Oct 2, 2020 | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | ||
| CVE-2020-12124 | Cri | 0.70 | 9.8 | 0.75 | Oct 2, 2020 | A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | ||
| CVE-2020-26539 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | ||
| CVE-2020-26537 | Cri | 0.64 | 9.8 | 0.01 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | ||
| CVE-2020-26535 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | ||
| CVE-2020-26534 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | ||
| CVE-2020-26518 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | ||
| CVE-2020-15533 | Cri | 0.64 | 9.8 | 0.04 | Oct 1, 2020 | In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | ||
| CVE-2020-25990 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2020 | WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | ||
| CVE-2020-12870 | Cri | 0.64 | 9.8 | 0.02 | Sep 30, 2020 | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | ||
| CVE-2020-26158 | Cri | 0.63 | 9.6 | 0.02 | Sep 30, 2020 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | ||
| CVE-2020-26157 | Cri | 0.63 | 9.6 | 0.02 | Sep 30, 2020 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. | ||
| CVE-2020-26154 | Cri | 0.00 | 9.8 | 0.04 | Sep 30, 2020 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | ||
| CVE-2020-26042 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2020 | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | ||
| CVE-2020-26041 | Cri | 0.64 | 9.8 | 0.03 | Sep 30, 2020 | An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | ||
| CVE-2020-25763 | Cri | 0.64 | 9.8 | 0.05 | Sep 30, 2020 | Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | ||
| CVE-2020-25762 | Cri | 0.63 | 9.1 | 0.11 | Sep 30, 2020 | An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass… | ||
| CVE-2020-21526 | Cri | 0.64 | 9.8 | 0.02 | Sep 30, 2020 | An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. |
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.62cvss 9.6epss 0.01
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.
- risk 0.62cvss 9.6epss 0.01
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
- risk 0.59cvss 9.1epss 0.01
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x…
- risk 0.57cvss 9.8epss 0.03
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is…
- risk 0.64cvss 9.8epss 0.02
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
- risk 0.64cvss 9.8epss 0.09
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
- risk 0.59cvss 9.1epss 0.02
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG…
- risk 0.64cvss 9.8epss 0.00
An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October…
- risk 0.64cvss 9.8epss 0.02
A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary…
- risk 0.57cvss 9.9epss 0.01
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
- risk 0.63cvss 9.6epss 0.02
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the…
- risk 0.64cvss 9.8epss 0.03
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.
- risk 0.70cvss 9.8epss 0.40
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with…
- risk 0.68cvss 9.8epss 0.20
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin…
- risk 0.70cvss 9.8epss 0.35
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video…
- risk 0.57cvss 9.8epss 0.02
manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation…
- risk 0.64cvss 9.8epss 0.02
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.02
Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using…
- risk 0.64cvss 9.8epss 0.01
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700…
- risk 0.64cvss 9.8epss 0.03
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header.
- risk 0.61cvss 9.1epss 0.26
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
- risk 0.00cvss 9.3epss 0.01
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.
- risk 0.00cvss 9.3epss 0.01
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting.
- risk 0.59cvss 9.1epss 0.03
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
- risk 0.59cvss 9.1epss 0.02
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
- risk 0.59cvss 9.1epss 0.02
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
- risk 0.64cvss 9.8epss 0.02
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a…
- risk 0.64cvss 9.8epss 0.01
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
- risk 0.64cvss 9.8epss 0.04
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
- risk 0.70cvss 9.8epss 0.75
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
- risk 0.64cvss 9.8epss 0.02
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
- risk 0.64cvss 9.8epss 0.04
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
- risk 0.64cvss 9.8epss 0.02
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
- risk 0.64cvss 9.8epss 0.02
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
- risk 0.63cvss 9.6epss 0.02
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
- risk 0.63cvss 9.6epss 0.02
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
- risk 0.00cvss 9.8epss 0.04
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
- risk 0.64cvss 9.8epss 0.05
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.
- risk 0.63cvss 9.1epss 0.11
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass…
- risk 0.64cvss 9.8epss 0.02
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.